Data Protection and Consumer Privacy is Important to Innovid:
Innovid is dedicated to a high standard of consumer privacy and data protection, while maintaining quality advertising technology and measurement services for advertisers, agencies, publishers and other businesses across various third party websites and online media. Innovid has restrictive policies for the collection, use and sharing of consumer data. We maintain membership in good standing with the Network Advertising Initiative (NAI), the Digital Advertising Alliance (DAA) and the European Digital Advertising Alliance (EDAA), and also maintain accreditation with the Media Rating Council (MRC). We are also a participating vendor in the IAB Europe Transparency & Consent Framework (TCF).
Innovid’s collection of data generally consists of basic data elements associated with advertisements served or measured by Innovid, such as impressions, clicks, viewing duration, pseudonymous identifiers such as cookie IDs, device IDs, IP address, date and time of interaction, information about the general geographical location from which a consumer is viewing an advertisement, device type, and other generic identifiers made available by the browser or device. Innovid collects these data elements on behalf of its clients in a privacy-compliant manner for the clients’ legitimate business interests and purposes, in order to effectively measure and evaluate the performance of the client’s advertising campaigns, deliver, schedule, optimize, personalize and sequence ads, administer the client’s account, and/or provide the client with engagement or performance analysis, as applicable to the services ordered by the client.
Innovid DCO services offer frequency and ad personalization features including creative decisioning based on factors such as general geographic location, time of day and number of exposures.
Innovid FTrack services also offer a privacy-oriented, cookieless approach to probabilistically recognize devices for measuring advertising quality and effectiveness and personalized ad creative messaging.
At a client’s request, Innovid may assist the client to target its ads through AudienceHub and/or AudienceHQ services based on the client’s first-party data, which may include email address, mailing address or phone number in addition to the basic elements described above, and/or based on data from the client’s selected third party data licensor (which may include pseudonymous identifiers and inferred interest categories). Innovid does not collect “sensitive personal information” or “special category data” as defined under applicable data protection laws.
Please read the Innovid Privacy Policy for further details regarding Innovid’s data collection, usage and sharing practices.
Innovid Upholds Consumer Choice.
We believe consumers should have the right to control how ads are targeted to them across online media. Innovid respects the consumer’s choice to opt-out of targeted advertising as otherwise required under applicable data protection laws. For more information regarding the opt-out options offered by Innovid, please see here.
Innovid is also in compliance with the standards set by the leading industry self-regulatory associations, the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA), and maintains membership in good standing with these associations. For additional industry resources on the self-regulatory principles of the Digital Advertising Alliance (DAA) and how to use advertising choice mechanisms, please see the DAA page located here.
Every ad using our cookieless approach known as FTrack includes our Privacy icon, except where such icon is not enabled by the applicable publisher. By clicking on this icon, consumers can find more information about the Innovid cookieless technology and are provided with the option to opt out. Every advertiser website deploying Innovid’s cookieless approach should include a reference to cookieless tracking in their consumer privacy policy or related statements, and should provide a link for the consumer to opt out.
Security and Compliance with Applicable Laws and Regulations.
Innovid is committed to the security and integrity of data, implementing a comprehensive suite of security measures that adhere to established industry best practices. We meticulously safeguard the data in our possession from any form of unauthorised alteration, destruction, access, or misuse. We maintain strict governance and granular control over all data collected, retaining it within secured and resilient database environments that feature strictly limited and continuously audited access rights designed to ensure the confidentiality and integrity of the data.
Our security framework is substantially enhanced by layered protections, including: cryptographic encryption of personal information both at rest and in transit, the enforcement of a strict password policy, mandatory utilization of multi-factor authentication (MFA) for all key systems, comprehensive EDR (Endpoint Detection and Response) and continuous vulnerability management policies, and the deployment of advanced security technologies engineered to proactively prevent unauthorised activities. Innovid's security is externally validated through annual SOC 2 Type II attestation and ISO 27001:2022 certification.
Innovid maintains compliance with the EU General Data Protection Regulation (GDPR). Innovid uses EU Standard Contractual Clauses as a mechanism to enable the transfer of personal data from the European Union, the United Kingdom, and Switzerland to the United States. In addition, Innovid, LLC (including its affiliate, Flashtalking, Inc.) maintains self-certification under the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK DPF Extension”), and the Swiss-U.S. DPF (“Swiss-U.S. DPF”). We have appointed a data protection officer, have a process for responding in a timely manner to data subjects seeking to exercise their rights under applicable data protection laws, and take a proactive approach to putting the necessary contractual provisions in place with our vendors and clients. Innovid has taken a comprehensive approach to U.S. state privacy law compliance, including CCPA, CPRA, VCPDA, CPA and others, and will continue to monitor and adjust our approach as state laws and regulations continue to evolve, in order to maintain compliance.
For further details, please visit our Privacy Policy. For any privacy-related request, please visit our privacy request form.
