Semasio Platform Privacy Policy

Last update on August 18, 2023

Semasio, a Fyllo Company (“we,” “our,” “us”) provides a variety of consumer data, marketing analytics, and related products and services designed to help our business customers (“clients”), and companies that work with them, market their goods and services to consumers in a relevant and efficient way, generally through using online advertising intelligence and information (the “Services”).

Our Services, many of which are described on this website, and many of which focus on advertising technologies which utilize personal data, are principally employed by our clients for digital marketing and advertising (including mobile, CTV, and other digital channels), but may also be used for other marketing channels.

This privacy policy explains the types of personal data we may collect or receive about individuals in connection with our Services, how we use, process and share that personal data, and your rights and choices regarding your personal data. When we say “you” we are referring to individuals whose personal data we process in connection with our Services, including on our advertising technology platform. The term personal data as used in this privacy policy has the meaning ascribed to it under applicable laws.

Semasio is the controller of the processing of your personal data described in this privacy policy. Our contact details can be found in Section 16 below.

Section 1

Scope of this Privacy Policy

This privacy policy applies only to consumer data products and services offered by our Semasio-branded divisions. For consumer data products and services operated by our Fyllo-branded divisions, please visit the Fyllo Marketing Services Privacy Policy.

We also operate corporate websites, designed for our own clients and prospective clients, and others who want to learn about our Services. We address personal data we collect on our corporate website and personal data we collect for business-to-business purposes in our Website and Corporate Privacy Policy. Data collected on our corporate websites is not incorporated into our Services. Please visit our Website and Corporate Privacy Policy if you wish to opt out of any data collected through your visit to our corporate webpages.

Semasio operates globally, including in Europe and the United States, and processes personal data in accordance with this privacy policy. The General Data Protection Regulation (“GDPR”) sets standards for data protection in Europe. In the United States, the California Consumer Privacy Act as amended (“CCPA”) provides certain rights to residents of California. Other states’ laws (upon becoming effective) provide similar (though not identical) rights to their own residents. Semasio closely follows the development of data protection regulation in Europe, the United States, and in the rest of the world.

Please note that this privacy policy does not apply to your personal data when we act as a service provider or processor on our clients’ behalf. When we are in this role, our clients decide how and why your personal data should be used and you should contact our client directly regarding your privacy choices. Additionally, our clients may have privacy obligations in connection with personal data they share with our Services or process on our Platform. Information about these circumstances is set forth in Section 6 below.

Section 2

The Semasio Services

The Semasio Platform (the “Platform”) enables our clients to understand consumers and the webpages they visit. Through natural language processing and advanced semantic targeting, the Platform utilizes advanced semantic understanding of page and content meaning.

The Platform also ingests personal data collected from individuals’ online activities. This personal data may be collected through Semasio’s own tracking technologies (“Tracking Points”), or the data may be sourced from tracking points maintained by third parties. From these data points information may be derived and stored using a cookie set in the user’s browser or identifier in a mobile device for identification. Semasio collects and stores online identifiers (“Cookie IDs”) and mobile advertising identifiers (“MAIDs”). Cookies are small files that enable Semasio to store information related to an internet user, on a personal computer or another device from visits to websites, and to “remember” a particular individual, on a particular web browser. Similarly, a MAID is a unique identifier that iOS or Android assigns to each mobile device and that can be used to connect mobile activity back to a specific individual.

Semasio synchronizes these identifiers with additional personal data associated with the same individual which is shared with Semasio by its commercial data sources or clients. This process may constitute profiling as defined by applicable law in certain territories. Semasio does not, however, carry out profiling in furtherance of automated decisions that produce legal or similarly significant effects or automated decision-making as defined under the GDPR (Art. 22 GDPR).

As further described in Section 5 below, the Platform enables our clients to create audience segments which are used by our clients to deliver online advertising to specific users (targeted advertising) or to create contextual segments which are used by our clients to deliver online advertising to specific websites (contextual advertising). Semasio also licenses (or “sells” as defined under certain US state privacy laws) the personal data it collects, for targeted advertising, and for various data modeling, research, and analytics purposes.

Semasio Advertising Industry Frameworks

Europe

Semasio is inspected and certified by ePrivacy GmbH and adheres to the Principles of the EDAA Online Behavioural Advertising (OBA) Framework.

United States

Semasio is a member of the Network Advertising Initiative (NAI).

Global

Semasio participates in the IAB’s global privacy platform which is designed to transmit consumer choice signals (e.g., opt-out or consent) between sites, apps and adtech providers in applicable territories, including in the United States and Europe (collectively, the “IAB Framework”) and complies with its Specifications and Policies in these territories. Semasio’s identification number within the IAB’s Transparency & Consent Framework is #84.

Section 3

Sources of Personal Data

  • Semasio receives personal data from the categories of third-party data sources listed below (“commercial sources”). The commercial sources supply personal data which may originate online or offline and which may or may not involve Tracking Points.
      • Consumer data compilers and resellers
      • Advertising networks and publishers
      • Advertisers and agencies
  • Semasio also receives personal data from our affiliates who receive personal data from the same categories of commercial sources. A list of our affiliates is here.
  • Semasio’s clients may place Semasio Tracking Points on their digital properties to collect personal data related to their advertising campaigns. Where Semasio Tracking Points are used, our clients control the placement of our Tracking Pixel on their digital properties. You are under no obligation to provide your personal data to us via a Semasio Tracking Point. The Semasio opt-out page can be accessed here.

Section 4

Types of Personal Data

The Services do not utilize directly identifiable data such as your name, home address, phone number, or government identifiers such as your social security number. When our commercial sources share personal data that originated in directly identifiable form, it is pseudonymized before we process the data for the purposes described in Section 5 below. This means the directly identifiable information is removed and replaced with identifiers. This process allows us to connect your identifiers to other pseudonymous data about you in our databases.

From our commercial sources, we collect and store the following categories of personal data:

  • Online Identifiers, such as Cookie IDs, MAIDs, IP addresses, user IDs, or other online identifiers
  • Internet or other electronic network activity information based on your browsing activity, such as behavioral or interest data such as web pages, content, or advertisements viewed or clicked on, and time stamps
  • Commercial or transactions information, such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies (note we do not collect any payment information such as credit card details)
  • Survey or volunteered data, such as self-reported information provided by individuals to the commercial sources regarding interests, opinions, activities, or characteristics, including household data such as the number of household members, number of earners in the household, or household income level
  • Professional or employment information, such as current or past field of employment
  • Demographic information, such as age, gender, or occupation

Inferences
Our commercial sources also share inferred data, which means they have made certain inferences about a consumer’s preferences, interests, characteristics, or attitudes prior to sharing the personal data with us. Inferred data may also include inferences regarding your general (not precise) location based on IP address. Using our technology and data in the Platform, users of our Platform can also create similar inferences inside our Platform, provided that in processing personal data in the Platform, users are prohibited from creating sensitive inferences that could be deemed to be sensitive personal data.

Children
We do not knowingly collect personal data of individuals under the age of 18. We use reasonable efforts to remove the data of such individuals from our databases based on the applicable laws in the relevant jurisdiction. If you are a parent or guardian and believe we have collected data of a minor under the legal age in a particular jurisdiction, please contact us at privacy@semasio.com. If we learn we have inadvertently collected such data, we will promptly delete the data.

Special or Sensitive Categories of Personal Data
Except as otherwise described in this privacy policy (see Section 5), we do not knowingly collect personal data deemed “sensitive” or a “special category of personal data” where not permitted to do so under applicable privacy laws in the relevant jurisdictions where the Services operate (“sensitive personal data”). The meaning of sensitive personal data differs by jurisdiction, but often means data that reveals your race, religion, ethnicity, sexual orientation, gender identity, political or philosophical beliefs, or a medical condition or diagnosis; it sometimes includes any information about health or sexuality, or trade union membership. These categories sometimes overlap with characteristics of protected classifications under California or other US law.

Section 5

How We Use and Process Personal Data

Semasio uses and sells personal data to enable our clients (and their end clients) to perform, analyze and measure online marketing campaigns. Personal data is used to create audience segments, for consumer insights for digital and other advertising purposes, and to model contextual segments. Advertising campaigns are delivered by third party platforms. For targeted advertising delivery, lists of Cookie IDs/MAIDs are sent via our data centers to real-time bidding or other platforms that activate on audience segments to deliver advertising campaigns.

A detailed description of these purposes follows. We have also included references to our purposes under the IAB Framework.

The commercial purposes for which we use personal data

a. For Interest Based Advertising
Our Services include creating data products and providing datasets to our clients and making such datasets available to other advertisers or agencies for purchase via third party platforms, generally regarding which consumers are most likely to be interested (or disinterested) in certain offers.

  • Users of our Platform may create defined audience segments (“audience segments”) for the purpose of targeted advertising based on common demographics and/or shared (actual or inferred) interests or preferences (e.g., if a particular consumer is relatively likely to enjoy a particular type of travel, be a “green” consumer, or enjoy particular types of music).
  • This includes processing, creating or supplementing user profiles on our Platform for the purpose of creating audience segments. Creation of audience segments includes the creation of “lookalikes” where the audience segments are created by inferring that individuals in the audiences may have similar interests as individuals who have expressed an interest in the particular topic of the advertisement.
  • The audience segments created on our Platform are delivered to third party platforms for activation via real-time bidding to reach individuals who may be interested in the topic of the advertisement.
  • Semasio does not support the creation of audience segments that would reveal sensitive personal data of individuals in violation of applicable laws, including that would convey information or enable inferences about a consumer’s health. Semasio regularly reviews its syndicated taxonomy of audience segments for compliance with applicable laws and the NAI code of conduct as applicable. Semasio does not support personalized advertising on sensitive personal data such as sensitive health areas or sexual orientation as defined by applicable laws.

Where our clients operate the Platform in a self-service capacity and create custom audience segments, our clients are required to comply with applicable contract terms and policies, and they are responsible (as a data controller) for the audience segments they create.

Under the IAB Framework, we pursue the following purposes for the processing activities described in this section: “Create profiles for personalized advertising”.

b. For Matching or Linking Personal Data from Different Sources.

  • The Services may identify and link browsers and devices likely to be associated with you so that ads and ad campaigns can be targeted, capped, analyzed, measured and sequenced across those devices. For example, audience segments may help our clients avoid showing you ads for the shoes you were looking at on your phone but that you already purchased on your tablet. Instead, our clients may want to show you ads for an upcoming triathlon where you can put those shoes to work.
  • We may also create or use “identity” graphs or tables to connect identifiers and signals that correlate with individual consumers to help our clients locate consumers across various channels or devices based on common personal, device-based, or network-based identifiers (e.g. cookie IDs, IP addresses, or hashed emails).

Under the IAB Framework, we pursue the following purposes for the processing activities described in this section: “Understand audiences through statistics or combinations of data from different sources”.

c. For Insights or Analytics Purposes.

  • Our Services help our clients identify and understand their own customers and prospective customers better, by providing insights about them. Our databases help our clients get a full view of their customers and prospective customers to help them predict future buying behaviors, build brand loyalty, predict trends in the marketplace, or for other media consumption or business intelligence purposes.
  • This includes generating insights on audiences allowing our clients to better understand the composition of an audience. This may also include enabling clients to see which user IDs have seen one or more URLs from a certain list.

Under the IAB Framework, we pursue the following purposes for the processing activities described in this section: “Understand audiences through statistics or combinations of data from different sources”.

d. For Modeling Contextual Segments.

  • Users of our Platform may analyze personal data to identify highly indexed contextual segments. This also includes processing, creating or supplementing user profiles on our Platform for the purpose of creating the contextual segments. The contextual segments that result from this modeling process do not include personal data but instead are lists of websites (URLs) our clients wish to target (or exclude) corresponding to a semantic topic (“contextual segments”). Our contextual segments are used by third party platforms to deliver advertising campaigns to relevant websites rather than to audiences of relevant individuals.
  • Sensitive personal data may be used as seed data to model contextual segments. Our commercial sources (including advertisers) are required to comply with all applicable laws in sharing any personal data with Semasio. We contractually require our commercial sources who supply sensitive personal data to obtain (explicit) consent from individuals to use the data for the purpose of modeling contextual segments.

Under the IAB Framework, we pursue the following purposes for the processing activities described in this section: “Create profiles for personalized advertising”, “Understand audiences through statistics or combinations of data from different sources”.

The business purposes for which we use personal data

e. To Develop and Improve our Services.

We also use your personal data for our own internal purposes, such as to operate, analyze, improve, test, update and verify our Services; and develop new products.

Under the IAB Framework, we pursue the following purposes for the processing activities described in this section: “Develop and improve services”.

f. For Other Internal Purposes.

We also may use personal data for auditing for legal and other compliance purposes, aiding in ensuring security and integrity to the extent the use of personal data is reasonably necessary and proportionate for such purposes, debugging to identify and repair errors that impair existing intended functionality, short-term and transient use, and for the establishment, or the exercise or defence of legal claims.

Section 6

How our Clients use Personal Data

Our clients often include advertisers and agencies who act on behalf of advertisers.

Our clients are responsible for their own personal data processing activities, including when they operate our Services through self-service access to our Platform or when they supply personal data to the Platform for their advertising and marketing purposes.

While we generally act as a data controller, in limited circumstances we may act as a data processor or service provider to our clients in accordance with the client’s instructions and use that personal data only for the client.

Section 7

Personal Data Sharing and Disclosure

Semasio discloses personal data in the form of audience segments to third party marketing services providers and platforms such as demand side platforms that activate on the data to deliver advertisements for their clients, as well as service providers that help us provide the Services we have described above (or other Services we may add in the future). Semasio may also disclose personal data as further described in this privacy policy, including this Section 7.

  • Sharing With Marketing Platforms
    We disclose audience segments to third party marketing platforms who are typically intermediaries or resellers and who may further combine the personal data with other datasets or license the personal data or derived data they create to their own clients (who may also be our clients), including to help provide more tailored targeted marketing, advertising, and communications. Likewise, we may share personal data with third party marketing platforms for analytics purposes, including to help them or their or our clients analyze campaign performance, inform future campaigns, or to handle, analyze, or combine the personal data.
  • Sharing With Clients
    Our clients include (but are not limited to) brands who use personal data to market and advertise to their own customers (and prospective customers); advertising agencies; and/or other data compilers, who work with their own clients. Our platform and services can be used by advertisers in any industry sector. We typically do not disclose any raw data, including personal data, directly to clients. Clients with self-service access to the Semasio Platform are able to process personal data in the Platform through dashboard tools and such clients may transfer audience segments from the Semasio Platform to authorized third party marketing platforms for activation. In limited circumstances, we may share personal data directly with clients (or the client’s service providers or processors, such as a hosting provider or data management platform) subject to permitted use and purpose limitations.
  • Sharing With Service Providers
    We may share personal data we collect with our service providers listed here. Our service providers only perform services on our behalf and subject to our instructions. Further information about our service providers can be found in the table below.
  • Sharing for Legal Purposes
    We may share personal data with third parties to: (a) comply with legal process or a regulatory investigation (e.g. a subpoena or court order); (b) enforce contract terms or other legal rights, this privacy policy, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of us, our platform, our clients, our agents and affiliates, our users and/or the public. We likewise may provide personal data to other companies and organizations (including law enforcement) for fraud protection, and spam/malware prevention, and similar purposes.
  • Sharing In Event of a Corporate Transaction
    We may share personal data in the event of a corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction.
  • Sharing of Aggregate Information
    We may aggregate and/or de-identify any information collected so that such information can no longer be linked to you or your device and thus has become anonymous information as that term or its equivalents are defined under the GDPR or other applicable laws. We may use such anonymous information that is not personal data for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors, in our discretion.
  • Sharing With Affiliates
    Subject to Section 13 below (International Data Transfers), we may share your personal data with any affiliated or subsidiary companies for any of the purposes described in this privacy policy. A list of our affiliates is here.

Our disclosure, share and sale of personal data under the State Privacy Laws

In the United States, the California Consumer Privacy Act as amended (“CCPA”) provides certain rights to California residents. Other states’ laws provide similar (though not identical) rights to their own residents (collectively, the “State Privacy Laws”). For state residents in jurisdictions where the State Privacy Laws apply, we may disclose, sell and/or share (as those terms are defined under the State Privacy Laws), personal data collected from and about you.

Our Platform is frequently used to share audience segments (whether as part of our own syndicated taxonomy or as custom audience segments created by our clients) for targeted advertising (also known as cross-context behavioral advertising). Accordingly, all of the categories of personal data described in Section 4 above may have been shared or sold for interest-based advertising or related commercial purposes as described in Section 5 above with the categories of third-party recipients identified in the last column of the chart below. Provided, however, that personal data provided to Semasio from its clients or commercial sources for the purpose of modeling Contextual Segments as described in Section 5.d. is not shared or sold. Additionally, we do not knowingly share or sell sensitive personal data.

Information about which category of personal data is shared with whom

The chart describes how and with whom we disclose, sell and/or share personal data, and whether (based on the definition of sell or share in the State Privacy Laws) we believe we have sold or shared a particular category of personal data in the prior 12 months. Where we have sold or shared a particular category of data, it is most frequently in the form of audience segments which include only inferred information and not actual information.

For transparency, we’ve been deliberately inclusive in our terminology, by including within categories both types of third parties (e.g., “clients”) and types of platforms through which clients and other third parties might access data (e.g., “advertising networks”).

For each category of personal data, the chart lists:

  • Service providers: categories of service providers to whom we have shared this category of personal data for the purposes described in Section 5
  • Third parties: categories of third parties to whom we “sold” or “shared” this category of personal data in the last 12 months for the purposes described in Section 5

Online Identifiers

Service providers:
  • Cloud service providers, data security providers
  • Other parties due to corporate restructuring or as required by law
  • Our affiliates

Third parties:
  • Our clients (including advertisers and agencies) and our client’s preferred activation platforms, including demand side platforms, data management platforms, connected TV providers, and social media networks
  • Advertising networks, data compilers and consumer data resellers, who make our syndicated taxonomy of audience segments available for purchase for targeted advertising purposes
  • Our affiliates

Note: Data used for modeling contextual segments as described in Section 5(d) above is NOT accessible outside the Platform and is not “sold” or “shared” under the State Privacy Laws.

Internet or other electronic network activity information

Service providers:
  • Cloud service providers, hosting providers, data security providers
  • Other parties due to corporate restructuring or as required by law
  • Our affiliates

Third parties:
  • Our clients (including advertisers and agencies) and our client’s preferred activation platforms, including demand side platforms, data management platforms, connected TV providers, and social media networks
  • Advertising networks, data compilers and consumer data resellers, who make our syndicated taxonomy of audience segments available for purchase for targeted advertising purposes
  • Our affiliates

Note: Data used for modeling contextual segments as described in Section 5(d) above is NOT accessible outside the Platform and is not “sold” or “shared” under the State Privacy Laws.

Commercial or transactions information

Service providers:
  • Cloud service providers, hosting providers, data security providers
  • Other parties due to corporate restructuring or as required by law
  • Our affiliates

Third parties:
  • Our clients (including advertisers and agencies) and our client’s preferred activation platforms, including demand side platforms, data management platforms, connected TV providers, and social media networks
  • Advertising networks, data compilers and consumer data resellers, who make our syndicated taxonomy of audience segments available for purchase for targeted advertising purposes
  • Our affiliates

Note: Data used for modeling contextual segments as described in Section 5(d) above is NOT accessible outside the Platform and is not “sold” or “shared” under the State Privacy Laws.

Professional or employment-related information

Service providers:
  • Cloud service providers, hosting providers, data security providers
  • Other parties due to corporate restructuring or as required by law
  • Our affiliates

Third parties:
  • Our clients (including advertisers and agencies) and our client’s preferred activation platforms, including demand side platforms, data management platforms, connected TV providers, and social media networks
  • Advertising networks, data compilers and consumer data resellers, who make our syndicated taxonomy of audience segments available for purchase for targeted advertising purposes
  • Our affiliates

Note: Data used for modeling contextual segments as described in Section 5(d) above is NOT accessible outside the Platform and is not “sold” or “shared” under the State Privacy Laws.

Inferences from any of the categories of personal data identified in Section 4

Service providers:
  • Cloud service providers, hosting providers, data security providers
  • Other parties due to corporate restructuring or as required by law
  • Our affiliates

Third parties:
  • Our clients (including advertisers and agencies) and our client’s preferred activation platforms, including demand side platforms, data management platforms, connected TV providers, and social media networks
  • Advertising networks, data compilers and consumer data resellers, who make our syndicated taxonomy of audience segments available for purchase for targeted advertising purposes
  • Our affiliates

Note: Data used for modeling contextual segments as described in Section 5(d) above is NOT accessible outside the Platform and is not “sold” or “shared” under the State Privacy Laws.

Demographic characteristics, including of protected classifications under California or US law (inferenced or actual)

Service providers:
  • Cloud service providers, hosting providers, data security providers
  • Other parties due to corporate restructuring or as required by law
  • Our affiliates

Third parties:
  • Our clients (including advertisers and agencies) and our client’s preferred activation platforms, including demand side platforms, data management platforms, connected TV providers, and social media networks
  • Advertising networks, data compilers and consumer data resellers, who make our syndicated taxonomy of audience segments available for purchase for targeted advertising purposes
  • Our affiliates

Note: Data used for modeling contextual segments as described in Section 5(d) above is NOT accessible outside the Platform and is not “sold” or “shared” under the State Privacy Laws.

Section 8

Our Legal Basis

a. Our legal bases for processing personal data collected in the EEA.

In the European Economic Area (EEA) and the United Kingdom, the Platform operates on the basis of user consent, generally obtained through the IAB Frameworks in applicable jurisdictions, to store and process personal data. Therefore, the legal basis for the commercial purposes set out in Section 5 is your consent, Art. 6 (1) (a) GDPR.

The chart below describes in further detail the legal basis for the processing activities set out in Section 5 and references the categories of personal data (described in Section 4) processed in this respect as well as the legitimate interests pursued (as far as the legal basis is Art. 6 (1) (f) GDPR).

Purpose as described in Section 5

Legal Bases (and legitimate interests pursued, if applicable)

Category of personal data

Interest Based Advertising

Section 5(a)

Consent
(Art. 6 (1) (a) GDPR)

  • Identifiers
  • Internet or other electronic network activity information
  • Commercial or transactions information
  • Professional or employment-related information
  • Inferences from any of the categories of personal data identified in Section 4
  • Demographic characteristics

Matching or Linking Personal Data from Different Sources

Section 5(b)

Consent
(Art. 6 (1) (a) GDPR)

  • Identifiers
  • Internet or other electronic network activity information
  • Commercial or transactions information
  • Professional or employment-related information
  • Inferences from any of the categories of personal data identified in Section 4
  • Demographic characteristics

Insights or Analytics Purposes

Section 5(c)

Consent
(Art. 6 (1) (a) GDPR

  • Identifiers
  • Internet or other electronic network activity information
  • Commercial or transactions information
  • Professional or employment-related information
  • Inferences from any of the categories of personal data identified in Section 4
  • Demographic characteristics

Modeling Contextual Segments

Section 5(d)

  • Consent
    (Art. 6 (1) (a) GDPR)
  • Explicit consent (Art. 9 (2) (a) GDPR) as far as sensitive personal data (as defined in Section 4) is processed
  • Identifiers
  • Internet or other electronic network activity information
  • Commercial or transactions information
  • Professional or employment-related information
  • Inferences from any of the categories of personal data identified in Section 4 (excluding sensitive personal data inferences)
  • Demographic characteristics
  • Sensitive personal data (as defined in Section 4)

To Develop and Improve our Services

Section 5(e)

Consent
(Art. 6 (1) (a) GDPR)

  • Identifiers
  • Internet or other electronic network activity information
  • Commercial or transactions information
  • Professional or employment-related information
  • Inferences from any of the categories of personal data identified in Section 4
  • Demographic characteristics

Other Internal Purposes: aiding in ensuring security and integrity, and repairing errors

Section 5(f)

Legitimate interests
(Art. 6(1) (f) GDPR).

We have a legitimate interest in operating our Services, databases and servers in a secure manner, and in auditing our processes for legal and other compliance purposes, in ensuring security and integrity, in debugging our Services to identify and repair errors that impair existing intended functionality and for short-term and transient use

  • Identifiers
  • Internet or other electronic network activity information
  • Commercial or transactions information
  • Professional or employment-related information
  • Inferences from any of the categories of personal data identified in Section 4
  • Demographic characteristics

Other Internal Purposes: for the establishment, exercise or defence of legal claims

Section 5(f)

  • Legitimate interests (Art. 6(1) (f) GDPR) for all other processing activities. We have a legitimate interest in the establishment, exercise and defence of legal claims.
  • Additionally: establishment, exercise or defence of legal claims (Art. 9 (2) (f) GDPR) as far as sensitive personal data (as defined in Section 4) is processed for the purpose of establishing, exercising or defending legal claims
  • Identifiers
  • Internet or other electronic network activity information
  • Commercial or transactions information
  • Professional or employment-related information
  • Inferences from any of the categories of personal data identified in Section 4 (excluding sensitive data inferences)
  • Demographic characteristics
  • Sensitive personal data (as defined in Section 4)

Other Internal Purposes: for legal and other compliance purposes

Section 5(f)

  • Compliance with a legal obligation (Art. 6 (1) (c) GDPR) as far as Semasio is processing the data to comply with legal requirements applicable to us (e.g., to comply with data subject’s rights such as access requests, to comply with court orders or tax law)
  • Additionally: establishment, exercise or defence of legal claims (Art. 9 (2) (f) GDPR) as far as sensitive personal data (as defined in Section 4) is processed for the purpose of establishing, exercising or defending legal claims
  • Identifiers
  • Internet or other electronic network activity information
  • Commercial or transactions information
  • Professional or employment-related information
  • Inferences from any of the categories of personal data identified in Section 4 (excluding sensitive data inferences)
  • Demographic characteristics
  • Sensitive personal data (as defined in Section 4)

b. Personal Data collected by our Commercial Sources.

Depending on jurisdiction, some of Semasio's clients or other commercial sources may collect personal data under an opt-out or other framework under observance of all applicable laws. Semasio coordinates with our clients and other commercial sources on requirements under relevant data protection regulations and has detailed contractual agreements. Specific business terms may seek to ensure that data protection regulations are understood, openly communicated and followed. However, clients and other commercial sources are themselves responsible for adhering to the applicable data protection requirements under their own privacy policies. Semasio does not take any responsibility and/or liability for the acts or omissions of its clients or other commercial sources.

Section 9

Your Right to Opt-Out or Withdraw Consent

a. Semasio Opt-Out.

Regardless of where you are located or what jurisdiction’s laws apply, we offer all individuals a right to opt-out of our databases if you do not want your online activity to be collected by the Platform for any of the purposes described in this privacy policy, including use of your personal data for profiling or targeted advertising.

b. AdTech Industry Opt-Outs.

Separately from the Semasio opt-out page, if you wish to opt out of online targeted ads in general (“interest-based” or “personalized” advertising), you can also visit the opt-out portals operated by various industry groups or other adtech participants. You can visit those opt-out pages here.

c. Additional Opt-Out rights.

Certain state privacy laws in the United States require us to provide state residents with specific opt-out options. While we utilize the same opt-out functionality for all opt-out requests which we apply to all processing activities in our databases (subject to the limited exceptions described in this privacy policy), we have described the rationale behind each specific opt-out right below.

  • Do not sell or share my personal data.
    This opt-out enables residents of certain states to opt out of the sale of their personal data or the use of their personal data for targeted advertising (also called a “share” or “cross-context behavioral advertising” in California). Certain state laws broadly define what constitutes a “sale” of personal data which does not need to include an exchange of money. If we have your personal data in our databases, we may have sold or shared personal data about you in the last 12 months as described in the table in Section 7 above. Please visit our United States opt-out page here: United States Opt-out Page
  • Opt-out of targeted advertising.
    Residents of certain states have the right to request that we do not include your data in our audience segments which are designed for targeted advertising. Please visit our United States opt-out page here: United States Opt-out Page
  • Limit the use of my sensitive personal data.
    Residents of California have the right to request that we do not process or share their sensitive personal data. Please visit our United States opt-out page here: United States Opt-out Page
  • Universal opt-out.
    The “Global Privacy Control” (“GPC”) is an opt-out feature that you can enable on a number of internet browsers, including Mozilla Firefox, DuckDuckGo and Brave, or download as a browser extension. For information on how to enable GPC see here. For our Services, we recognize the GPC in the United States through our integration with the IAB Framework.

d. Right to Withdraw Consent.

In situations where we rely on consent to process your personal data, you likewise may withdraw your consent at any time by visiting our United States Opt-out Page or International Opt-Out Page to submit an opt-out request. You may also contact us toll-free at 833 367-8688. Please be aware that withdrawing your consent does not affect the lawfulness of the processing of your personal data based on consent before its withdrawal.

e. Opt-Out Instructions.

Please note that our online opt-outs are cookie-based. Thus, if you browse the web from multiple browsers or devices, you may need to opt out from each browser and/or device, and for the same reason, if you change browsers or clear your browser cookie cache, you may need to perform this opt-out function again.

Section 10

Additional Privacy Rights

Under the General Data Protection Regulation (“GDPR”) and other privacy laws depending on where you reside, you may have certain additional rights regarding your personal data as summarized below, subject to certain restrictions and variations under applicable local laws. This section describes how to exercise those rights and our process for handling your requests. We may withhold these rights to the extent that the law in your country or state of residence does not recognize or no longer recognizes these rights. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

a. Right to request deletion of your personal data.

We interpret deletion requests as “opt out” requests and ask that you visit our United States Opt-out Page or International Opt-Out Page. We manage deletion requests in this way because under certain laws, deletion requests require identity verification which would require us to request additional personal data from you. Accordingly, for purposes of data minimization, we manage deletion requests as opt-out requests which are functionally equivalent in our databases to deletion requests (and what individuals requesting “deletion” typically desire to occur). If you have a different deletion request, please contact us using the contact information provided in Section 16.

b. Right to request access to your personal data.

Depending on what law applies, you may request information about your personal data in our databases. Additionally, under certain state privacy laws in the United States, applicable residents may request we disclose the categories of personal data and the specific pieces of personal data that we have collected about you over the past 12 months, generally meaning which audience segments we believe to be connected to your personal data in our databases.

  • Your request for information can be accessed here:
      • United States Right for Information Page
      • International Right for Information Page
  • Solely to the extent required under applicable law, we will verify your identity (which may require us to request certain additional information from you) when you request to exercise certain privacy rights, including your right of access to information. For instance, if you request categories or specific pieces of personal data we have received about you, under certain state privacy laws you may need to confirm your possession of an identifier or to provide a piece of identification that confirms you are the person you claim to be. Once we have verified your identity, we will respond to your access or deletion request as appropriate.
  • Where you request the categories of personal data that we have collected about you, we will provide a list of those categories. Where you have requested specific pieces of personal data, we will provide the personal data you have requested, to the extent required under applicable laws and provided we do not believe there is an overriding privacy or security concern to doing so where authorized under applicable laws.
  • If we are unable to complete your request for information in full, we will provide you an explanation about the reasons why we could not fully comply.

c. Rights to object.

If you reside in the European Economic Area (EEA), the following applies: You can object to processing of your personal data where we are relying on the legitimate interest legal basis (Art. 6 (1) (f) GDPR) at any time. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal data for the establishment, exercise or defence of legal claims. Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis. To access this right, please contact us at privacy@semasio.com.

d. Additional privacy rights.

If you wish to exercise any other rights you might have under applicable data protection laws, including as applicable and subject to certain conditions in some cases, individual rights of correction/rectification, data portability, or restriction of processing, please contact us at privacy@semasio.com or contact us toll-free at 833 367-8688.

e. Right to lodge complaint.

Additionally, EEA residents have the right to lodge complaints or report concerns to a data protection authority, in particular in the Member State of their residence, place of work or of an alleged infringement of the GDPR (a list of these data protection authorities can be found here, a list of the data protection authorities of the German States (Länder) can be found here). UK residents can report a concern to the Information Commissioner’s Office. However, we respectfully request that you contact us first.

f. Authorized agents.

Under certain privacy laws, you may also designate an agent to make requests to exercise your rights on your behalf. As required by law, we will verify that your agent has been authorized to make a request on your behalf through providing us with a signed written authorization or a copy of a legally sufficient power of attorney, depending upon the request made. We likewise may require that you verify your own identity, depending on the type of request you make. Please note, however, that because we are a cookie-based service, we are unable to process requests made through designated agents who do not have access to cookies on your devices.

g. Right to appeal.

In the event that we inform you that we will not, or believe we cannot, honor a particular (consumer or other data subject) request (for instance, if we have determined we cannot verify your identity, or if we believe you are not entitled to the scope of deletion you request), you may appeal our determination by emailing us at privacy@semasio.com.

h. Right of nondiscrimination.

To the extent applicable, we will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.

Section 11

How Long We Retain Personal Data

We retain personal data in accordance with requirements of applicable laws as long as it is necessary for the purposes we pursue (set out in Section 5) or we have a legal or compliance reason to do so. As a general matter, cookie data is refreshed and updated automatically 90 to 180 days from the time of initial collection unless you opt out from the Services. If we receive an opt-out request from you/if you withdraw your consent, we delete your personal data immediately. We may, however, retain information following your opt-out/withdrawal where legally permitted or required (e.g., for a legal compliance, auditing, or accounting reason). Personal data supplied by our commercial sources is deleted once both the contractual relationship and any applicable statutory storage periods have ended, unless we receive an opt-out request from you/if you withdraw your consent prior to this.

Section 12

How We Protect Your Personal Data

We have implemented appropriate security measures to protect the personal data in our databases against any unauthorized access, use or disclosure. However, regardless of any technical and organizational measures Semasio has put in place to assure that data in its custody is secured, no such steps are foolproof; we therefore cannot guarantee that such data will not or cannot be subject to breach or to hackers.

Section 13

International Data Transfers

Semasio maintains data centers in the United States and Denmark. Please visit this page for a list of our service providers.

In some cases, we or our clients may transfer personal data of individuals residing in the European Union (EU) or the European Economic Area (EEA) to recipients located outside of the EEA, namely the United States.

Where a transfer of personal data to such third countries is taking place this happens only to countries in which the EU Commission has confirmed an adequate level of protection (a list of these countries and the respective adequacy decisions is available here) or where Semasio can reasonably ensure the secure handling of personal data by means of contractual agreements (standard contractual clauses in the meaning of Art. 46 GDPR, Module 1 for controller-to-controller transfers) or other suitable guarantees, including certifications or proven compliance with sufficient security standards. We apply these same standards to other jurisdictions that require similar protections.

You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Please contact us using the contact information provided in Section 16 if you would like further information or to request a copy where the safeguard is documented (which may be redacted to ensure confidentiality).

Section 14

CCPA Metrics

Metrics on opt out and information requests under CCPA can be accessed via the following page: CCPA Metrics

Section 15

Changes to this Privacy Policy

Semasio may change or update this privacy policy at any time in accordance with any new applicable data protection regulations or new relevant information obtained. Any changes or updates we may make will be posted on this website.

Section 16

Contact Information

Semasio has a designated privacy contact. If you have questions related to this privacy policy, or regarding our products or services, please contact us at privacy@semasio.com or info@semasio.com. We appreciate your comments and questions regarding Semasio’s privacy practices.

Postal addresses

Semasio GmbH
Mönkedamm 11
20457 Hamburg
Germany

Semasio Inc.
c/o Casters Holdings, Inc.
433 West Van Buren Street, Suite 200, Chicago, IL 60607

Controller

If you are based in the European Union (EU) or the United Kingdom, the controller of your personal data is Semasio GmbH.

European data protection officer (DPO)

If you are based in the European Union (EU) or the United Kingdom, you may contact our data protection officer and state in your request that your concern relates to Semasio GmbH. However, we respectfully ask that you only contact our Data Protection Officer regarding urgent matters relating to data protection.

Prof. Dr. Christoph Bauer
ePrivacy GmbH
Große Bleichen 21
20354 Hamburg
Germany

Representative of controllers or processors not established in UK (Article 27 UK GDPR)

UK Representative Service for GDPR Ltd.
7 Savoy Court
London WC2R0EX
United Kingdom