OpenPass Privacy Policy
Last Updated: April 25, 2024
Thank you for your interest in OpenPass!
This OpenPass Privacy Policy describes how information about you is collected, used, and disclosed if you use OpenPass, a single-sign-on service offered by The Trade Desk. By using OpenPass, you will gain access to certain content from participating third-party websites and applications (“Third-Party Sites”) without needing to create an account with each. This Policy also applies when you access or use the OpenPass website (“OpenPass Site”), which enables you to view which Third-Party Sites you’ve accessed using OpenPass and manage your OpenPass account.
If you are in the European Economic Area, Switzerland, or the United Kingdom (collectively, the “European Region”), the controller responsible for your information is The UK Trade Desk Ltd. If you are located outside the European Region, The Trade Desk Inc. is responsible for your information.
To access Third-Party Sites with OpenPass, you will be asked to provide an email address or phone number, which OpenPass will make available to the Third-Party Site. Certain Third-Party Sites may also ask for additional information, such as first name and last name. Please note that each Third-Party Site may use your information that we share with it for its own purposes (over which we have no control) and subject to its own privacy notice, which may include using your information to show you ads targeted to your interests. Please see the “Disclosure of Information” section below for more information.
If you are interested in The Trade Desk’s website privacy policy, click here. If you want to learn more about the privacy practices on The Trade Desk platform for advertising delivery, click here.
For additional information for residents of certain states, including California, Colorado, Connecticut, Utah, and Virginia, please see the “Additional Information for Residents of Specific States” section. For additional information for European Region users, please see the “Additional Information for European Region Users” section.
CONTENTS
Our Policy Regarding Children’s Information
Additional Information for Residents of Specific States
COLLECTION OF INFORMATION
To use OpenPass, you will be asked to provide your email address or phone number to us. The first time you sign in using OpenPass, and each time you are required to sign in again, we will ask you to provide a verification code that OpenPass sends to the email address or phone number you provide. If you do not provide your email address or phone number and verification code to us, you will not be able to use OpenPass.
In addition to email address or phone number, certain Third-Party Sites may request and collect additional information such as first name and last name. This additional information is optionally provided by you and is not required to use OpenPass. To the extent provided by you, OpenPass will collect this additional information as well.
We also collect certain information automatically. For example, we collect information about how you access OpenPass, including data about the device you use, such as your IP address, and browser and platform type. We also collect information about your use of OpenPass, such as which Third-Party Sites you sign into using OpenPass, access times/timestamp, your authentication token, and your preferred language.
We also draw inferences about you based on the information we collect. For example, we infer your preferred language based on information we collect automatically and make inferences about your approximate location based on your IP address.
We use essential tracking technologies, such as cookies and web beacons, to collect certain information to enable you to create, access and manage your OpenPass account. We also use such technologies to help us understand your activity on the OpenPass Site, which we use to improve OpenPass and the OpenPass Site, your experience, see which areas of the OpenPass Site are popular, and count visits. For more information about cookies and, where possible, how to disable them, please see the “Your Rights and Choices” section below.
USE OF INFORMATION
We use the information we collect to facilitate your access to Third-Party Sites using OpenPass, including by providing your email address or phone number, authentication token and timestamp of your log in to the Third-Party Sites you sign into using OpenPass. We also use the information we collect to:
- Provide, maintain, and improve our products and services, including OpenPass and the OpenPass Site, and The Trade Desk platform, to debug and repair errors in our services, and to develop new products and services;
- Create and maintain your OpenPass account, which you can access on the OpenPass Site;
- Send you technical notices, security alerts, support messages and other transactional or relationship messages;
- Monitor and analyze trends, usage, and activities in connection with OpenPass;
- Maintain safety and anti-fraud efforts;
- Comply with our legal and financial obligations;
- Create de-identified, anonymized, or aggregated information; and
- Carry out any other purpose described to you at the time the information is collected.
To the extent you decide to provide optional additional information such as first name and last name, we will use this additional information to facilitate your access to Third-Party Sites using OpenPass and to maintain your OpenPass account, which you can access on the OpenPass Site.
DISCLOSURE OF INFORMATION
When you access a Third-Party Site using OpenPass, you direct us to disclose your email address or phone number, and other optionally provided information with that Third-Party Site (we also disclose your authentication token and timestamp of your log in). We will not disclose your information to other Third-Party Sites unless you sign in with OpenPass on those properties. Third-Party Sites may use your information for, among other things, advertising purposes, including for UID2 (where available). UID2 involves transforming your email address or phone number into a unique identifier (called a UID2) that can be used in the advertising ecosystem to deliver personalized ads and perform related activities, like understanding the effectiveness of those ads. You should review the privacy policy of each Third-Party Site you access to understand their privacy practices, including their use of UID2, and the choices available to you. To learn more about UID2, please visit www.UnifiedID.com. You can also opt out of targeted advertising based on UID2 by visiting this portal.
We also disclose personal information in the following circumstances:
- We disclose information to vendors that perform services on our behalf, such as our hosting provider;
- We disclose personal information in response to lawful requests from public authorities, including to meet legal obligations, security or law enforcement requirements, or where we deem it necessary to protect the safety, property, or rights of The Trade Desk or others;
- We also disclose information among The Trade Desk and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership and may disclose information in connection with, or during negotiations concerning, any merger, sale of company assets, financing or similar transaction; and
- We disclose personal information with your consent or at your direction.
We also disclose aggregated or de-identified information that cannot reasonably be used to identify you. The Trade Desk processes, maintains, and uses this information only in a de-identified fashion and will not attempt to re-identify such information, except as permitted by law.
YOUR RIGHTS AND CHOICES
Deleting Your OpenPass Account
You can delete your OpenPass account and information that you have provided to us for your use of the OpenPass service, including your email address, phone number or name, by visiting the OpenPass Site and clicking “Delete Account” from the “Account Settings” page.
When you choose to delete your OpenPass account, we will delete the information you provided to OpenPass and other information we collected about your use of OpenPass, such as information about Third-Party Sites you signed into using OpenPass. We may keep some data for longer periods of time as necessary for legitimate business or legally permitted purposes such as fraud prevention and security.
If you delete your OpenPass account, you will no longer be able to access content of Third-Party Sites using OpenPass. In some circumstances, you may need to create an account with or subscribe to an individual Third-Party Site in accordance with its terms and policies. If you delete your account, you can visit the OpenPass Site to create a new OpenPass account by providing an email address or phone number and verifying the information you provide.
Cookies
Many web browsers are set to accept cookies by default. As described above, we use cookies to collect information about your visits to the OpenPass Site. If you prefer and if applicable, you can usually adjust your browser settings to remove or reject browser cookies.
OUR POLICY REGARDING CHILDREN’S INFORMATION
OpenPass is intended for individuals who are at least 18 years of age. We do not knowingly collect the personal information of any individuals who are under 18. If you believe that your child has submitted personal information to us, please contact us here.
ADDITIONAL INFORMATION FOR RESIDENTS OF SPECIFIC STATES
California, Colorado, Connecticut, Utah, and Virginia have enacted consumer privacy laws that grant their residents certain rights and require additional disclosures (“State Laws”). If you are a resident of one of these states, this section applies to you.
Additional Disclosures
This Privacy Policy explains how we collect, use, and disclose information about you in connection with OpenPass. As required by certain State Laws, below we use a table to explain this same information, including the categories of personal information we collect, the types of entities to which we disclose such information, and the ways we use each category of information.
| Categories of Personal Information | Categories of Recipients | Use of Personal Information |
|
|
|
|
|
|
|
|
|
|
|
|
| ||
| ||
| ||
| ||
| ||
More Information about our Data Practices
- As described in the “Collection of Information” section, we collect personal information directly from you (for example, when you create an OpenPass account), automatically when you use OpenPass or visit the OpenPass Site, and by making inferences about you based on the personal information we collect, such as your approximate location based on your IP, and your preferred language.
- We do not collect or process sensitive personal information in connection with OpenPass.
- We do not knowingly “sell” or “share” information about consumers under 18 years of age, and you must be at least 18 to use OpenPass.
- Please see the “Data Retention” section below for information on our data retention practices.
Your Privacy Rights
Access, Deletion, and Correction
Depending upon where you live, you may have the right to (1) request to know more about and access your personal information, (2) request deletion of your personal information, and (3) request correction of inaccurate personal information. To make a rights request, please fill out this webform or email us at [email protected]. We may ask you to verify your request, such as by confirming the information you provided to us when you signed up for OpenPass.
To make a request about information held by a Third-Party Site you visited using OpenPass, please contact that Third-Party Site directly.
Targeted Advertising and Opting Out of UID2
Some Third-Party Sites may choose to use the email or phone number you provide when logging in with OpenPass as part of the UID2 service described above.
You may learn more about UID2 by visiting www.UnifiedID.com and may opt out of the use of your email address or phone number in the UID2 service for purposes that may be deemed “targeted advertising”, “sales”, or “sharing” as defined by the State Laws, by visiting this portal. If you visit a Third-Party Site with a legally-recognized opt-out preference signal (such as Global Privacy Control or GPC) enabled, that Third-Party Site may have the legal obligation to recognize such signal as an instruction from you to opt out of “sales,” “sharing,” or processing of your information for “targeted advertising” purposes that they engage in. Please review the privacy notice of each Third-Party Site for more information.
Authorized Agents
Depending on where you live, you may have the right to authorize another individual (an “authorized agent”) to submit a privacy rights request on your behalf. If you are submitting a rights request as an authorized agent, we may require you to submit proof of your authorization to make the request, such as a valid power of attorney or proof that you have signed permission from the individual who is the subject of the request. In some cases, we may contact the individual who is the subject of the request to verify their own identity or confirm you have permission to submit this request. To submit a request as an authorized agent, please fill out this webform or email us at [email protected].
Appeals
If we deny your request, you may appeal our decision by contacting us at [email protected]. If you have concerns about the results of an appeal, you may contact the attorney general in the state where you reside.
Nondiscrimination
We will not discriminate against you for exercising privacy rights afforded to you by law.
ADDITIONAL INFORMATION FOR EUROPEAN REGION USERS
Legal bases for processing
We rely on the following legal bases to process (such as collecting, using and storing) your information:
Legal basis |
Purpose and types of information processed |
Consent |
To share your information, such as email address or phone number, with a Third-Party Site so you can access it. |
Contractual Necessity (where it is necessary for us to comply with our Terms of Service) |
We process your information, as outlined in the “Collection of Information” section above, to:
We process your email address or phone number to send you technical notices, security alerts, support messages and other transactional or relationship messages. |
Legitimate Interest (You can obtain more information about our balancing test (in which we have balanced our interests against yours) by contacting us.) |
We rely on the following legitimate interests:
|
Compliance with a Legal Obligation |
We process your information, as outlined in the “Collection of Information” section above, where we receive a valid request from a government or law enforcement body, regulator or similar, to deal with legal claims clams, and to ensure we comply with applicable consumer, advertising and data protection law. |
International transfers
Whenever we transfer information outside the European Region (including to Third-Party Sites who could be located anywhere globally, and The Trade Desk Inc. in the US), we ensure that there is a valid transfer mechanism, primarily by using our Data Privacy Framework certification for US transfers and data transfer agreements which are valid in the European Region. For more information about how we transfer your information, please contact us.
Your rights
Subject to applicable law, you have the right to access your information, to ask us to provide it to you (or a third party) in machine readable format, to withdraw your consent (where we rely on it) at any time, and to correct, delete and restrict your information. These rights may be limited, for example if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. You can also object to our processing of your information in certain cases (such as where we rely on legitimate interest as our legal basis). You also have the right to lodge a complaint with your local supervisory authority.
To make a rights request, please fill out this webform or email us at [email protected]. We may ask you to verify your request, such as by confirming the information you provided to us when you signed up for OpenPass.
Data Protection Officer (DPO)
We have appointed a DPO who can be contacted by email at: [email protected].
DATA RETENTION
We retain your information for as long as you are a user of our service; and for log record data (as defined here), for a period of 30 days from the date the record was created.
We may retain your information for longer where required in connection with actual or prospective legal or regulatory proceedings.
CHANGES TO THIS POLICY
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy. If we make material changes, we will provide you with additional notice (such as by sending an email, providing a notice through our services, or instructing Third-Party Sites to give such notice).
CONTACT US
If you have any questions about this OpenPass Privacy Policy, please submit an inquiry here.