Vistar Media

Services Privacy Notice
Last Update: July 1, 2020

This Services Privacy Notice (“Notice”) describes how Vistar Media, Inc. (“Vistar”) processes personal information when providing advertising, measurement, and related services to our clients. This Notice also describes your choices over such processing.

This Notice applies to only our core services, which help clients identify where and when to place advertisements on mobile and digital-out-of-home (“DOOH”) media to reach target audiences (“Services”). This Notice does not describe how we process personal information in relation to our websites, platforms, and other digital properties (“Sites”). You can read more about how we process personal information in relation to our Sites by reading our Website Privacy Notice.

“Personal information” is information that identifies or can be reasonably linked, directly or indirectly, with an individual. This Notice does not apply to anonymous, de-identified, or aggregate personal information as defined under applicable law.

This Notice addresses the following topics:

  1. How We Collect Personal Information
  2. How We Use Personal Information 
  3. How We Disclose Personal Information
  4. Your Rights Over Your Personal Information 
  5. Information Security 
  6. Contact Us 
  7. Changes To The Policy 
  8. Additional Information For European Residents 
  9. Additional Information For California Residents 

 

1. How We Collect Personal Information

We provide the Services using personal information obtained from third parties, such as our clients, data suppliers, and measurement partners. We may process the following types of personal information in the course of providing the Services:

  • Device Information: We may receive information such as IP addresses, device identifiers, mobile advertising identifiers, and device type. We may also receive information regarding devices that presented or were near Vistar-facilitated advertisements.
  • Demographic Information: We may receive demographic information, such as information about income or age range and household locations, associated with device identifiers.
  • Device Location Histories: We may receive device location histories associated with device identifiers.
  • Commercial Activity and Preferences: We may receive information about commercial activity, such as loyalty program affiliations, and about preferences such as buying preferences, associated with device identifiers. We may also receive survey responses tied to device or other unique identifiers.
  • Publicly Available Information: We may also collect publicly available information, such as point of interest information.

The Services do not require – and we do not aim to collect – information that directly reveals an individual’s identity, such as name or email address.

Our clients and data suppliers may collect the information above from individuals using a variety of technologies, including cookies, software development kits, and other digital trackers deployed on websites, mobile applications, or other digital services. They might collect device location information via GPS, WiFi, or other location-based features. You may be able to modify or disable the sharing of device location in your device settings.

2. How We Use Personal Information

We use the information we collect to provide services to our clients. That includes:

  • Learning where to place DOOH ads to best reach defined audiences;
  • Delivering ads to DOOH or mobile devices;
  • Learning how individuals respond to ads;
  • Analyzing device movement patterns;
  • Learning whether devices that are exposed to ads are more likely to visit certain locations; and
  • Providing clients with reports illustrating how ad exposure may influence consumer outcomes.

We may use or disclose information that is anonymous, de-identified, or aggregated for any purpose. Where permitted by law, we use the information we collect to improve our products and services.

We act as a “data processor” when providing the Services in the European Economic Area (“EEA”) and the United Kingdom, which means that we process personal information at the direction and for the benefit of our clients, who are “data controllers” or who act on behalf of other “data controllers.” Please visit “Additional Information for European Visitors” for more information about what this means for you.

3. How We Disclose Personal Information

We disclose personal information to the following categories of persons and in the following circumstances:

  • Clients: To clients or their agents for their own purposes. The information we disclose may include, for example, information about the devices exposed to Vistar-facilitated advertisements and reports about the impact that Vistar-facilitated advertisements had on consumer preferences and activities. We do not share device location histories with clients.
  • Advertising Intermediaries and Market Research Companies: To advertising intermediaries and market research companies involved in the delivery and measurement of advertisements on behalf of our clients. We do not share device location histories with advertising intermediaries and market research companies.
  • Service providers. To service providers that process or collect personal information on our behalf, for example to provide services such as marketing support, technical assistance, data hosting, payment processing, customer service support, and data analytics.
  • Legal Compliance and Protection of Our Rights: To regulators, law enforcement, government authorities, and other third parties where we believe it necessary to comply with a legal or regulatory obligation, including a court order, subpoena, and regulatory request. We may also disclose information when we believe in good faith that such disclosure will help us protect our rights, interests, or safety, the rights, interests, or safety of third parties, or detect, prevent, or respond to fraud, intellectual property infringement, cybersecurity intrusions, or other illegal activities.
  • Transfer of Business Assets. To a third party involved in the consideration, negotiation, or completion of a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Vistar or as part of a corporate reorganization or stock sale or other change in corporate control.

We may disclose information that is anonymous, de-identified, or aggregated to any recipient for any purpose.

4. Your Rights Over Your Personal Information

Subject to local law, you may have certain rights over your personal information. These rights may include, depending on the circumstances, the rights to:

  • access your personal information;
  • delete personal information collected from you;
  • receive additional information regarding the sources from which we collect personal information, the purposes for which we collect and share personal information, the personal information of yours we hold, and the categories of parties with whom we share your personal information;
  • not be subject to unlawful discriminatory actions based on exercising your rights;
  • stop certain disclosures of your personal information; and
  • withdraw any consent you have given to such processing.

If you would like exercise your rights under local law, please contact us at Privacy@VistarMedia.com, or using our Opt-Out form, or at 1-866-I-OPT-OUT (1-866-467-8688) and entering service code 1002# to leave us a message, or send a letter to our Privacy Officer at 156 Fifth Avenue, Fourth Floor, New York NY 10010

California residents should consult the “Additional Information for California Residents” section for more information about their rights and additional disclosures.

5. Contact Us

If you have questions or concerns regarding the way in which we process your personal information, please contact us at Privacy@VistarMedia.com.

6. Changes to the Policy

We may modify or update this Notice from time to time. Any modifications or updates that we post will be effective immediately except where prohibited by law or as we otherwise indicate. We will notify you of changes to this Notice by updating the date at the top of this Notice or by providing notice by other means as may be appropriate.

7. Additional Information for European Residents

The Services may be provided to clients subject to the European Union’s General Data Protection Regulation (“GDPR”). When providing Services to such clients, Vistar operates as a “data processor,” which means that we collect personal information related to individuals in the EEA and the United Kingdom only on behalf of and pursuant to the instructions of our clients, who are “data controllers” or who act on behalf of other “data controllers.”

In practice, this means we do not collect, use, or retain personal information subject to the GDPR for our own purposes. At the end of an engagement, we follow our client’s instructions on how to use and retain personal information subject to the GDPR that we collected on that client’s behalf. And we do not use or retain personal information about individuals in the EEA or the United Kingdom obtained on behalf of one client for another client’s campaign.

8. Additional Information for California Residents

In the course of providing the Services, Vistar processes device location histories  as a “business” under the California Consumer Privacy Act (“CCPA”), which means that we decide how to collect, use, and retain device location histories of California residents. Vistar provides other aspects of the Services, such as advertisement measurement, as a “service provider,” which means that we collect, use, disclose, and retain personal information relating to California residents on behalf of and pursuant to the instructions of our clients.

The rest of this section relates to our processing of personal information as a “business.”

As a business, we do not sell personal information that we process when providing the Services.  We disclose the following categories of personal information to third parties for our business purposes:

 

Categories of personal information disclosed for our business purposes Categories of third parties to which this information was disclosed
Device Location Histories Service providers

 

As described in “Your Rights Over Your Personal Information,” California residents have rights relating to their personal information, including the rights to know and to deletion. Please contact us at Privacy@VistarMedia.com, or using our Opt-Out form, or at 1-866-I-OPT-OUT (1-866-467-8688) and entering service code 1002# to leave us a message, or send a letter to our Privacy Officer at 156 Fifth Avenue, Fourth Floor, New York NY 10010.

We will need to verify your identity and that the information you requested relates to you before completing your rights request.

We generally do not associate personal information (such as device history) with identified individuals when providing the Services, meaning we generally do not have information such as names or email addresses connected to device location histories. We use device identifiers (such as mobile advertising identifiers) instead, so please submit your device identifiers with your request. This will help us determine whether we process information about your device, though we may require additional steps to prove that you own the device to which the identifier relates.

If you are submitting a request through an authorized agent, the authorized agent must provide your signed permission alongside the request. We may also request that authorized agents verify their identity, and we may ask you directly to confirm your identity and that you have authorized the agent to submit the request on your behalf.