Effective: November 16, 2020

This Privacy Policy describes how personal data is processed when you use Permisio or access the Permisio website. 

Permisio is an easy-to-use privacy preferences portal from Quantcast, helping to make online experiences better by giving consumers the ability to securely access and control their privacy settings across partner online services, i.e. operators of websites or apps integrated with Permisio, using a single account.

Who is Responsible

Permisio is a product offered by Quantcast. Quantcast is responsible for the processing of personal data as described in this privacy policy when you use Permisio or the Permisio website. 

For individuals based in the United States, Permisio is provided by Quantcast Corporation. For individuals based outside of the United States, Permisio is provided by Quantcast International Limited, which is also the data controller responsible for your personal data when you use Permisio. See the “Contact” section for information on how to contact Quantcast.

Quantcast also offers other products. Quantcast’s other products are subject to the Quantcast Privacy Policy

To the extent that personal data is disclosed by Permisio to Quantcast’s other products, Quantcast’s other products are treated as though they are third parties. Permisio only discloses your personal data to third parties, including Quantcast’s other products, with your permission.

Processing Overview

This table provides an accessible and high-level overview of the way in which we will process your personal data in relation to your use of Permisio:

Categories of personal data  Source Retention period Purpose Legal basis Disclosure to third party*
Account information Provided by you when you create an account
Provided by a partner service through whom you are creating an account
Created by Permisio and assigned to your account
10 years from last use Manage account Contract No
Communicate with you Contract; Consent; Legal obligation No
Personalised advertising, advertising or content measurement or analytics Consent Yes, to Quantcast’s other products
Survey data Provided by you when you respond to surveys 13 months Improve Permisio, research and innovate Consent No
Usage data Collected by us when you use Permisio 13 months Improve Permisio, research and innovate Consent No
Personalised advertising, advertising or content measurement or analytics Consent Yes, to Quantcast’s other products
Network and connection data Collected by us when you use Permisio or access the Permisio website Real time Determine your imprecise location Legal obligation No
Real time Deliver information over the internet to allow you to access the Permisio service Contract; Legitimate interest
Consumer privacy preference data Collected by us when you use Permisio to set privacy preferences or to store privacy preferences For as long as you retain the preference within Permisio Create a record of your privacy preferences, including where and how you expressed them, to allow you to apply those privacy preferences to partner online services Consent Yes, to the parties about whom you have made decisions and stored privacy preferences  with Permisio
Demonstrate compliance with applicable law Legal obligation; Legitimate interest
All of the above data See above See above Fraud prevention Legitimate interest No
See above Security Legitimate interest No
As long as we are defending or pursuing legal claims or litigation Defend or pursue legal claims or litigation Legitimate interest Yes
As long as we are required to comply with law Compliance/law enforcement Legal obligation Yes

* Quantcast’s other products are considered third parties

** Service providers relied on by Permisio and new owners of the data asset in the event of a merger or acquisition are not considered a third party for the purpose of this table.

Further information on the information contained in the table is available in the remainder of the privacy policy.

Further information on processing 

What information do we process?

Account information
  • Account information is the information you provide to us when you create an account or that is provided by a partner service through whom you are creating an account, for example the email address you provide when opening your account. Account information also includes information created by Permisio and assigned to your account.
  • Some account information is required for us to provide the Permisio service to you. For example we need an email address or phone number to provide you with a Permisio account. If you choose not to provide the data required, we will not be able to provide the Permisio service to you. Certain required account information is created by Permisio and assigned to your account. For example, we will assign an account number to your account for administrative purposes. 
  • Other account information is optional for you to provide, but certain features or functionalities of the Permisio service may depend on it. If you choose not to provide optional account information, you will not be able to benefit from features or functionalities that depend on such information.
Survey data
  • Survey data is information you provide to us when you participate in a survey conducted by Permisio. For example, we might ask you questions about your experience using Permisio. 
  • It is optional for you to respond to surveys we conduct. You can choose not to respond to our surveys without any consequences to you.
Usage Data
  • Usage data is information we collect about how you use Permisio or the Permisio website. For example, the information includes which parts of Permisio or the Permisio website you use and for how long. The processing of usage data is optional. 
  • You can choose not to allow us to process usage data about how you use Permisio or the Permisio website without any consequences to you.  
Network and Connection Data
  • Network and connection data is data that an internet enabled device sends to us when you use Permisio or the Permisio website as part of the ordinary way in which information is communicated over the internet. Such data includes, for example, your IP address.
  • The processing of your network and connection data is required, because we need it to send information to you over the internet to enable your use of Permisio or the Permisio website. It is also required because we need to infer your country or state-level location to comply with the law. For example, if we infer from your IP address that you are located in the European Union, we would show you an experience designed to meet requirements of EU law but not necessarily California law and vice versa.  If you do not make your network and connection data available to us, you cannot access or use Permisio.
Consumer Privacy Preference Data
  • Consumer privacy preference data is data that is collected by us when you set or store your privacy preferences. For example, you can use Permisio to store your privacy settings for a partner online service so that those privacy settings are applied for your future interactions with that partner online service. Consumer Privacy Preference Data contains, for example, details of consents you have granted to companies.   
  • The processing of your consumer privacy preference data is optional. If you choose not to enter your consumer privacy preference data into Permisio, Permisio will not be able to remember your privacy preferences and you may be asked for them again. As a result, you may see requests to express your privacy preferences more often than you would otherwise because we would be unable to convey your privacy preferences to partner online services you visit.  

What is the purpose and the legal basis of the processing?

Account information
  • We use account information to manage your account, for example to allow you to log in to Permisio or change account information. This is necessary for us to provide the Permisio service to you under the Permisio Terms of Use.
  • With your consent, cryptographically obfuscated account information (i.e. account information that has been altered using encryption techniques to remove directly identifying characteristics) may be shared by Permisio with Quantcast’s other products. Quantcast’s other products use this information for personalised advertising with your consent. Quantcast’s other products also use this information for advertising or content measurement or analytics purposes with your consent, or on the basis of Quantcast’s legitimate interests provided that you have not objected to the processing. To learn more about how Quantcast’s other products process your personal data visit the Quantcast Privacy Policy at www.quantcast.com/privacy/
  • We use account information to contact you with your consent, if it is necessary under the Permisio Terms of Use, or if it is necessary for compliance with a legal obligation to which we are subject.
Survey data
  • We use survey data 
    • to understand and report on your responses to our survey; 
    • to combine this information with other information collected about your usage of Permisio; and
    • to innovate, for example by creating new or improving existing features, functionalities, products, or services.
Usage Data
  • Permisio or Quantcast’s other products collect usage data with your consent 
    • to measure and report on how you use Permisio or the Permisio website;
    • to generate reports about directly measurable or known information about users who used Permisio or the Permisio website;
    • to combine this information with other information previously collected about you, including from across websites and apps; 
    • to infer the demographic makeup and/or the interests of users that used Permisio or the Permisio website to generate statistical reports that show, for example, the likely percentage of users of a certain age range;
    • to innovate, for example by creating new or improving existing features, functionalities, products, or services; and
    • to advertise to you and people who are similar to you.
Network and Connection Data
  • We use network and connection data to allow you to access and use Permisio over the internet using standard internet communications protocols such as TCP/IP and HTTP. This is necessary to pursue our legitimate interests of making Permisio available over the internet to users. If you are an existing Permisio user, this is necessary for us to provide the Permisio service to you under the Permisio Terms of Use.
  • We also use network and connection data to provide you with an experience that complies with applicable law. For example, if we infer from your IP address that you are located in the European Union, we would show you an experience designed to meet requirements of EU law but not necessarily California law and vice versa. This is necessary for compliance with legal obligations to which we are subject.
Consumer Privacy Preference Data
  • We use your consumer privacy  preference data with your consent to create a record of your privacy preferences, including where and how you expressed them, to allow you to apply those privacy preferences to partner online services. 
  • In addition, we will use our record of your privacy preferences to enable us or third parties to demonstrate compliance with applicable law. This is necessary for us to comply with legal obligations to which we are subject or necessary to pursue the legitimate interests of third parties to comply with legal obligations to which they are subject. 
Secondary purposes of personal data processed
  • We use any of the data described above for the secondary purposes of detecting, preventing or otherwise addressing fraud, security, or technical issues, as well as to protect against harm to our rights, property, or safety, that of our users, or the public. This is necessary for us to pursue our legitimate interest in those purposes.
  • We further use any of the data described above for secondary purposes in connection with legal claims. This is necessary for us to pursue our legitimate interests in defending or pursuing legal claims.
  • We also use any of the data described above for secondary purposes in connection with compliance, regulatory, or investigative purposes if this is necessary for us to comply with legal obligations to which we are subject. 

How is this information shared? 

Generally Permisio shares information with the third parties you select specifically:

  • We disclose your account information to partner online services, for example publishers of third party websites or apps that you visit, if you make use of Permisio’s single-sign-on functionality to create or log into an account on that partner online service. 
  • If you consent to Permisio sharing cryptographically obfuscated account information (i.e. account information that has been altered using encryption techniques to remove directly identifying characteristics) with Quantcast’s other products and you select on a partner online service to allow Quantcast to process your personal data for personalised advertising, advertising or content measurement or analytics purposes, Permisio will share the cryptographically obfuscated account information with Quantcast’s other products in connection with your use of that partner online service. We will share consumer privacy preference data alongside your cryptographically obfuscated account information, and Quantcast’s other products will process your personal data in accordance with your privacy preferences. To learn more about how Quantcast’s other products process your personal data visit the Quantcast Privacy Policy at www.quantcast.com/privacy.
  • If you consent to Quantcast processing your personal data when you use Permisio or the Permisio website, we will allow Quantcast to collect and process usage data to provide Permisio with audience insights and to allow Quantcast to run and measure the effectiveness of personalized advertising campaigns for Permisio. To learn more about how Quantcast’s other products process your personal data visit the Quantcast Privacy Policy at www.quantcast.com/privacy.
  • If you select to store your privacy preferences with Permisio, we will share your consumer privacy preference data with the partner online services, for example publishers of third party websites or apps, and with third party online advertising or content personalization, measurement, and analytics companies who work with those partner online services to inform them of your privacy preferences.

Permisio also shares information with trusted service providers to help us run our business by processing information on our behalf. Such companies include providers of customer support services, fraud monitoring and prevention, email and marketing platforms and service providers, and hosting services. We require these companies to protect your personal information consistent with this Privacy Policy. 

If we merge with or are acquired by another company, sell a Perimisio website, app or business unit or if all or a substantial portion of our assets are acquired by another company, your information will likely be disclosed to our advisers and any other prospective purchaser’s advisers and will be one of the assets that is transferred to the new owner.

We may also have to share your personal data with, for example, government agencies, courts, or other third parties we are legally compelled to share your information with in connection with compliance, regulatory, or investigative purposes.

How long do we retain information?

Account information
  • We retain account information for up to ten years from the date you last used Permisio, unless you delete your Permisio account.
Usage Data
  • We retain usage data for up to 13 months.  
Network and Connection Data
  • We only use network and connection data in real time and do not retain it.
Consumer Privacy Preference Data
  • We retain consumer privacy preference data for as long as you have a Permisio account, unless you delete your consumer privacy preference data before then.
Exceptions
  • We may retain personal data for longer than the general retention periods described above if necessary for defending or pursuing legal claims, in litigation, or if we have a legal obligation to retain the data longer.

Cookies and Other Local Storage

A cookie is a small file containing a string of characters that is sent to your device when you visit a website. Other local storage includes web storage, which supports data storage similar to cookies but with greater capacity. Permisio uses cookies and other local storage to store and retrieve certain information when users interact with its website. Some cookies are necessary to provide the service, while others are optional and you can choose not to consent to our use of them.

Here are the cookies that Permisio uses: 

Cookie Owner Cookie name Cookie domain Purpose Lifetime Is this cookie necessary?
Permisio amplify-signin-with-hostedUI permisio.com Record type of login user interface seen by user 30 days (renewable as long as refreshToken is present and valid) Yes
Permisio CognitoIdentityServiceProvider.[applicationId].[userName (either email address or unique user identifier)].accessToken permisio.com Validate user is authenticated 30 days (renewable as long as refreshToken is present and valid) Yes
Permisio CognitoIdentityServiceProvider.[applicationId].[userName (either email address or unique user identifier)].clockDrift permisio.com Used to determine if tokens are expired 30 days (renewable as long as refreshToken is present and valid) Yes
Permisio CognitoIdentityServiceProvider.[applicationId].[userName (either email address or unique user identifier)].deviceGroupKey permisio.com Identify that device belongs to the correct user 30 days (renewable as long as refreshToken is present and valid) Yes
Permisio CognitoIdentityServiceProvider.[applicationId].[userName (either email address or unique user identifier)].deviceKey permisio.com Identify that device belongs to the correct user 30 days (renewable as long as refreshToken is present and valid) Yes
Permisio CognitoIdentityServiceProvider.[applicationId].[userName (either email address or unique user identifier)].idToken permisio.com Provide data about logged in user such as email address 30 days (renewable as long as refreshToken is present and valid) Yes
Permisio CognitoIdentityServiceProvider.[applicationId].LastAuthUser permisio.com Used to retrieve other CognitoIdentityServiceProvider cookies needed during Permisio experience 30 days (renewable as long as refreshToken is present and valid) Yes
Permisio CognitoIdentityServiceProvider.[applicationId].[userName (either email address or unique user identifier)].randomPasswordKey permisio.com Identify that device belongs to the correct user 30 days (renewable as long as refreshToken is present and valid) Yes
Permisio CognitoIdentityServiceProvider.[applicationId].[userName (either email address or unique user identifier)].refreshToken permisio.com Used to renew access tokens so user can stay logged in across sessions  Remains unless the user has not logged into their account for more than 30 days. Yes
Permisio CognitoIdentityServiceProvider.[applicationId].[userName (either email address or unique user identifier)].userData permisio.com Provide data about logged in user such as email address 30 days (renewable as long as refreshToken is present and valid) Yes
Permisio [domain]_euconsentv2 Domain of the partner online service, e.g. buzzfeed.com Stores consumer privacy preference data related to IAB partners 13 months Yes
[domain]_reprompthash Determines whether the user is prompted to update their consumer privacy preferences
[domain]_noniab Stores consumer privacy preference data related to non-IAB partners
Permisio _ga permisio.com Distinguishes users 2 months No
Permisio _gid permisio.com Distinguishes users 24 hours No
Permisio _ga_[container-id] permisio.com Persists session state 2 months No
Quantcast mc quantserve.com Distinguishes users across the web 13 months No
Quantcast d quantserve.com Encodes audience segments memberships of an mc cookie 13 months No
Quantcast __qca permisio.com Distinguishes users on Permisio 13 months No

Your rights

You may review, update, correct, access, obtain a copy of, port or delete the information in your Permisio account or your Permisio account itself by logging into your account. You may also have a right to restrict or limit the ways in which your information is processed, and the right to object to the processing of your personal data in certain circumstances. 

If we process your information based on our legitimate interests or those of a third party you can object to this processing, and we will cease processing your information, unless the processing is based on overriding legitimate grounds or is needed for legal reasons. 

When we process personal data you provide to us based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, return to the Permisio setting where you granted your consent to change your privacy preferences.

You have the right to lodge a complaint with our lead supervisory authority, the Irish Data Protection Commission, or your local supervisory authority.

International Transfers

We operate a global business. All of your personal data described in this Privacy Policy is transferred internationally between our affiliate companies and our service providers to jurisdictions around the world including the European Union, the United States, the United Kingdom, and Singapore, where the privacy and data protection laws may be different than those in your jurisdiction. We use standard contractual clauses approved by the European Commission for data transfers from the European Economic Area, Switzerland, or the UK to jurisdictions for which there is not a decision by the European Commission finding that their privacy and data protection laws provide an adequate level of protection of personal data. You can contact us to request a copy of our Standard Contractual Clauses.

Our Policy Toward Children

We do not knowingly collect or use data from children under 16. If a parent or guardian becomes aware that his or her child has provided us with personal data, that parent or guardian should contact us. If we become aware that a child has provided us with personal data, we will delete such information including the child’s account from our files.

Changes to the Privacy Policy

Any information that we collect is subject to the Privacy Policy in effect at the time that information is collected. We may revise this Privacy Policy from time to time, so please check this page regularly for updates. If we make any material changes to this Privacy Policy, we’ll notify you of those changes by posting them clearly on our website and/or by sending you an email or other notification, where feasible, and we’ll indicate when such changes will become effective.

Contact

If you have any questions about this Privacy Policy, please let us know.

Persons in the United States, please contact:

Quantcast Corp.

795 Folsom Street

San Francisco, CA 94107

Contact Quantcast Corp.

Persons outside of the United States, please contact:

Quantcast International Limited

Beaux Lane House

Lower Mercer Street, 1st Floor

Dublin 2, Ireland

Contact Quantcast International Limited

Contact the Data Protection Officer for Quantcast International Limited

If you have contacted us or our Data Protection Officer about a privacy or data use concern and feel that we have not addressed it satisfactorily, you may contact our US-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.