Privacy Promise
Updated November 5, 2018
ADARA’s Privacy Promise
ADARA’s Privacy Promise is to explain in a transparent way, how we collect data from our business Partners to perform our business activities. We’ll explain how we carry out our digital advertising services and analytics products. ADARA is a business-to-business company in the online advertising technology and analytics businesses. Our products and services enable our clients to buy advertising space online and use our measurement and analytics products. This Privacy Promise also describes the types of data we collect from our partners and how we use, share and secure the data to provide our services through our platform (“ADARA Platform”). We’ll try to make this all as clear and as simple as possible, but if you have questions, you can contact us at privacy@adara.com, and we’ll be happy to help.
Please read the following carefully to understand our use of your personal data and how the ADARA Platform collects data from our Partners’ websites, which is where we are receiving your data.
Who We Are and What We Do
ADARA provides digital advertising and analytics services for the benefit of our business customers, giving them the ability to reach and understand Internet users and consumers (like you) who are most likely to be interested in their respective products and services. ADARA provides these services to customers such as website operators and mobile application developers that have installed ADARA tags or SDKs (“Partners”). Consumers (like you) benefit from ADARA’s technology by receiving more relevant online marketing content.
As a common example: if you visit an airline or hotel website to book a flight or a hotel room and the airline or hotel website is an ADARA Partner, then we will collect your search or booking travel intent about the destination including some related information (dates, class of travel, number of people travelling with you – for a full list see the table below). We do not collect your name or your email (unless already hashed so we never hold the actual email address) and we take care to ensure that we do not collect anything that tells us, or anyone we work with, who you are “in the real world”. Our intention is to never collect any information about you that can directly identify you.
Our Platform automatically recognises that it is the same user (without knowing who you are) if you visit another ADARA Partner site and book or enquire about another flight, hotel or travel product. The platform “knows” it is you because we assign a random unique identifier we call an “ADARA Recognized Traveller ID” and in our secure database, we log information about your travel interests and bookings which links to the ADARA ID unique to you. We also use profiling, including algorithms, to analyse your interests online and assign a score based on your travel activity. This improves our, and our Partners’ ability, to serve related advertising to those with an interest in travel.
What Do We Mean By Personal Data?
“Personal Data” is defined as any data relating to a living individual who can be identified directly from that data or indirectly in conjunction with other information. It can take the form of a name or address and, now, under new data protection laws in Europe, this can extend to uniquely generated IDs, IP addresses and other “unique identifiers” which do not tell us who a user is in the “real world”.
We cannot identify a user by name or find out where they live, but instead it gives us and our business customers a picture of the travel behaviour demographic characteristics of a user (like frequented destinations, type of trip (business vs leisure), their gender and the types of travel, products and services they are interested in) which we may assign to a user on our platform.
What personal data does ADARA collect?
At the core of our technology is the ADARA Recognized Traveller which gathers travel data from our trusted data partners and fuels every product and capability on the ADARA Platform. ADARA Recognized Traveller is broken down into three trusted data sources about the travellers:
- “Pseudonymous” data and technical identifiers;
- Interests for products and services; and
- Measurement statistics on the performances of ADARA services.
ADARA collects data and pseudonymizes it, which means that we are not aiming to identify a person in the “real world”. Personal data, collected by ADARA includes:
- cookie identifier;
- hashed email address;
- mobile device identifier
- hashed CRM identifier;
- passenger number record;
- general location data about the individual.
ADARA ensures that no directly identifying information is stored on our platform, by requiring all data to be hashed before collection (i.e. pseudonymized). ADARA does not collect the following types of personal data: individual’s name or data associated to the individual’s physical, physiological, genetic, mental or cultural identity. We do not knowingly collect or categorize users based upon sensitive data or ‘special categories of data’, such as racial or ethnic origins, political or religious beliefs, financial information, precise information about health conditions or treatments or other similar or related information. ADARA does not collect any sensitive or special categories of data.
We neither intentionally collect information from, nor target any services to, children under 13 years of age. If we learn that we have collected information of a child under 13, we delete that information as soon as possible.
How do we collect personal data?
When a user visits one of ADARA’s data partners’ websites, we collect and analyze information about individual consumer interests by way of two types of pixels; (a) a “Partner Pixel”; and (b) an “Advertising Pixel”. Partners provide us with access to their websites and applications to set and use these pixels.
When a user visits one of ADARA’s Partner’s websites, views an email from a Partner with an ADARA tag, or uses an app with an ADARA SDK installed, we assign [through the Partner Pixel] a unique identifier (a random, unique string of characters) to the user, a “cookie. A similar thing happens when a user sees or interacts with an online advertisement which has been placed through our Platform. Our tags do not collect an individuals name, user name, email address or physical address, but we may store and associate a hashed email address or a mobile device ID with the tag data we collect. Through these identifiers, we collect and store information about what the user does on the Partner website or application, and which Partner sites or apps the user visits. In the case of the Advertiser Pixel, we use the identifiers to collect information on how the users view and interact with the online ad (for instance the time it is viewable by the user, whether they click on the ad). ADARA may engage in cross-device data collection and targeting, when the relevant data is collected. This means we use third party providers to determine the likelihood that a given user on a desktop browser is the same user on a mobile device, and then we link the information we have on their desktop and mobile device activity. ADARA may also engage in cross-app data collection and targeting. This means we use a unique identifier to collect data from a particular device regarding application use over time and across non-Affiliated applications. We can then build segments, or receive segment data from our partners and clients, to create a profile against that unique ID. This allows us to determine the users travel preferences when they browse online.
What does ADARA do with this data?
ADARA collects the data, and then decides on the specific business use depending on one of the three main business activities in the travel ecosystem:
Online advertising: We will use the collected data to make decisions or buy, monitor, or report on the delivery of online advertising for our advertiser via ad exchanges. We may also share performance data (i.e. relating to viewability of the ad, and any subsequent conversion) with advertisers and their representatives in the digital advertising ecosystem. During this process, we may overlay third-party data collected from third-party data providers, to enhance our decision making. We may also use data to target ads on televisions and peripheral devices.
Measurement and Analytics: Once ADARA collects data, it is collated and classified in the database in aggregated form, and may be made available via reporting or via the ADARA platform for high level trend analysis in an aggregated form. We may also use the data to create analytics about travel industry trends, effectiveness of media, or for content marketing.
Traveller Intelligence: ADARA may share pseudonymous data, always aggregated to not identify one partner or brand, with our partners or clients for the purposes of enhancing their CRM for personalization or merchandising optimization.
The collected data may also be transferred in encrypted format to our vendors and suppliers; including cloud data centers and hosting providers. The data will also be used for specific internal ADARA operations including troubleshooting, data analysis, testing, research, and statistical or survey purposes.
We limit the use of personal data so that it is consistent with our transparency obligations and consent obtained from the end user, where appropriate.
The Security of Your Personal Data
ADARA cares about your privacy and employs administrative, physical and electronic measures designed to protect your personal data from unauthorized access. These measures may include encryption of personal data you provide and employment of information storage security technologies to block access from outside our network.
Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Please also be mindful that we are not responsible for the security measures of third parties, e.g. our Partners. As noted above, for more information about their personal data collection and usage practices, please see their respective privacy policies.
How long do we process personal data for?
ADARA will never store data for longer than necessary and always in accordance with data privacy laws and regulations. As is the normal practice in the advertising technology industry, we set our cookies to expire after the two-year mark.
For online identifiers like Mobile IDs that remain active indefinitely for the use of the device, ADARA dissociates the data after the period of two years from the last encounter with the end user.
We retain some personal data, received through the ADARA Partner websites or the ADARA website, for as long as we require to fulfill a legitimate business need. We retain and use information as is necessary to comply with our legal obligations and enforce our agreements.
What are your rights?
You have the following rights in relation to personal data relating to you that we process:
- You may request access to the personal data we hold about you (please see the section on obtaining access to your personal data, below).
- You may request that any incorrect personal data about you that we are processing be rectified.
- In certain circumstances, you may be entitled to request that we erase the personal data concerned subject to some specific legal reasons we may have to retain certain data relating to you.
- Where we are processing personal data relating to you on the basis of your prior consent to that processing, you may withdraw your consent with the Partner website at any time, after which we will be notified or you can notify us directly to stop the processing concerned.
We will process this request once we have affirmed that the pseudonymous identifier we hold, matches the information provided by the user. This request can be made and carried out HERE. Alternately, you can also email privacy@ADARA.com We will respond to each request within 30 days.
Please note that we may be required to ask you for further information in order to confirm your identity before we provide the personal data requested. Also note that even after a deletion, some personal data may remain temporarily in back-up copies until the next back-up rotation or overwriting cycle.
If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal compliant with the Supervisory Authority in the Member State of your habitual residence, place of work, or of an alleged infringement of the GDPR.
How to Opt-Out of Interest-based Advertising
ADARA provides several mechanisms for users to opt out of ADARA’s advertising and analytics services. You can use multiple methods to opt-out : ADARA’s opt-out mechanism via this URL on ADARA.com, click on the-opt out link on the advert itself, or you can do the browser based or mobile based opt-outs. In all cases, all of these opt-outs will be recorded and honored by ADARA.
Opt-out on ADARA.com
Please go HERE to let us know that you’d like to opt-out of ADARA advertising
Browser based opt-out
To opt out via your browser, the following member websites will allow users to opt out of targeted ads:
Once a consumer has opted out of one of these mechanisms, ADARA will cease serving any targeted ads to that consumer on the browser they opted out of. As part of this opt-out, ADARA will commit to exclude the user from any individually targeted action such as content personalization. Remember that opting-out is browser-specific. So, if you have multiple browsers or multiple devices you use to access the internet, you’ll need to opt out from each device or browser.
Mobile opt-out
To opt-out of the collection and use of data for interest-based advertising on your mobile device, you can modify the settings on your mobile device. To reset your mobile advertising ID or to opt out of interest-based ads in mobile apps, please follow your mobile device maker’s most current published instructions, such as the examples linked and pasted in below (current as of the date of this version of our Privacy Promise):
For Android Devices (version 8.0 and higher): Open the Settings app, Select Google, Select Ads, and enable the “Opt Out of Ads Personalization” setting.
For Apple Devices: Devices with iOS 6 and above use Apple’s Advertising Identifier. To learn more about limiting ad tracking using this identifier, visit the Settings menu on your device as follows: Go to Settings, Select Privacy, Select Advertising, and enable the “Limit Ad Tracking” setting. For more information about different iOS versions, please see: https://support.apple.com/en-ie/HT202074.
When you have opted out using this setting on a device, and when ADARA receives this signal, ADARA will not use in-app information collected from that device to infer your interests or serve ads to that device that are targeted based on your inferred interests.
Note: The specific opt-out instructions for each device may differ slightly depending on which version of the operating software you are running.
In addition, as noted above, we participate in the DAA’s Ad Choices program. So, each of our mobile ads includes the AdChoices Icon, on which you can tap to go to an opt-out page.
To learn more about how to use platform controls for opting out on mobile devices, please visit this link : http://www.networkadvertising.org/mobile-choice)
Changes to this Privacy Promise
Any personal data that we collect is subject to the version of this Privacy Promise in effect at the time the information is collected. However, we reserve the right to revise this Privacy Promise at any time. If appropriate, we’ll notify you of any material changes to the Privacy Promise by posting them clearly on our website or by sending you an email or other notification if we have your contact information, and we’ll indicate when such changes will become effective. This Privacy Promise was last updated on the 24th May 2018.
Where We Keep Your Personal Data
ADARA’s headquarters are based in California, which is where all of our data is ultimately sent to, after being collected via our data warehouses in Amsterdam, Netherlands, Singapore, and New York/California, United States. The data that we process in relation to users is be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) that may not be subject to equivalent data protection laws. It may also be processed by staff situated outside the EEA who work for us or for one of our vendors.. This includes staff engaged in, among other things, the fulfilment of orders, the processing of payment details and the provision of support services. We have set this out in more detail in the “International Transfers…“ section below.
Our Memberships and Affiliations
As above, ADARA is a member of the Network Advertising Initiative and adheres to the NAI Code of Conduct, and is also a participant in the Digital Advertising Alliance’s Self-Regulatory Program for Online Behavioral Advertising. ADARA also honors and are participants of the EDAA self-regulatory OBA principles. ADARA adheres to the Internet Advertising Bureau Europe’s Good Practise Principals for Online Behavioural Advertising as well as the European Interactive Digital Advertising Alliance’s principles.
The Data Protection Commission
The Data Protection Commission is the supervisory authority in Ireland and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data. You can consult their website for more information: https://www.dataprotection.ie
International Transfers
Overview
Where personal data is transferred in relation to providing our services we will take all steps reasonably necessary to ensure that it is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism which may include complying with the EU-US Privacy Shield transfer mechanism and that it is treated securely and in accordance with this Privacy Promise.
ADARA recognizes that the EEA has established strict protections regarding the handling of personal data, including requirements to provide adequate protection for personal data transferred outside of the EEA. To provide adequate protection for certain personal data about our Partners’ users, received in the United States, ADARA (which shall include entities and subsidiaries covered by ADARA’s privacy shield certification) has elected to self-certify to the EU-US Privacy Shield Framework as set forth by the US Department of Commerce. ADARA adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, ADARA is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, ADARA may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov. To review ADARA’s representation on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located HERE.
In this Privacy Promise, we have set out the categories of personal data that we may receive in the US, as well as the purposes for which we use personal data. Before we use your personal data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt out. ADARA maintains reasonable procedures to help ensure that personal data is reliable for its intended use, accurate, complete, and current. We have also set out above the relevant security provisions and access rights available to you.
Third Party Agents or Service Providers
ADARA is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf [including Ad Exchanges and our Partners]. Where required by the Privacy Shield, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process personal data in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. ADARA remains liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such personal data on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage. Please click HERE for more information on our third-party partners.
Questions or Complaints relating to the Privacy Shield Framework
In compliance with the EU-US Privacy Shield Principles, ADARA commits to resolve complaints about your privacy and our collection or use of your personal data. EU based individuals with inquiries or complaints regarding this privacy promise should first contact us at privacy@ADARA.com. Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Contacting Us
We have appointed a Data Protection Officer, whose contact details are the following:
Vincent Potier
Data Protection Officer
ADARA, Inc.
1070 E. Meadow Circle
Palo Alto, CA 94303
Email : dpo@adara.com
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Also, an EU representative is based in Fumbally Square, Fumbally Lane, Dublin 8, Ireland.

