Privacy Notice Review Process
After you add the NextRoll Pixel to your site, NextRoll will review your privacy notice to make sure you have all of the required information. You are required to post your privacy notice within 30-days of adding the NextRoll Pixel to your site.
Why You Need a Privacy Notice
To help you learn more about who might be interested in your brand and fuel the growth of your brand, NextRoll’s Pixel collects data about visitors to your site.
Generally speaking, you have a legal obligation to disclose information about the types of data collected from visitors to your site(s), the third parties with whom that data is shared, and how visitors can control that data collection.
What do we mean by “generally” here? Well, because there is not one comprehensive global privacy law, the specific details of what your policy notice must contain will likely vary depending on where visitors to your site reside—for example, whether your site has traffic from visitors in the U.S. or Europe—and the types of NextRoll services you use.
We’re here to help make sure your site discloses the necessary data collection and control information implicated by your use of the NextRoll Pixel in specific jurisdictions. In other words, there may be privacy compliance measures you need to take based on the type of business you operate and where your business operates. It is important to note that this article only identifies the information required to be in your privacy notice resulting from the use of NextRoll Pixel (see below).
Privacy Notice Disclosures
Required information for all customers
When using the NextRoll Pixel for any of our services, you must notify the visitors to your site of the use of our services by disclosing the following information in your privacy notice:
- What Personal Data is Collected and How
- When we say “Personal Data” we mean this to include “personal information” (often referred to as “PI”) and/or “personally identifiable information” (sometimes called “PII”) as defined or described in different privacy laws around the world (and in the U.S.).
- You must disclose that personal data, such as visitor IP addresses, is collected from visitors to your site using tracking technologies such as third party cookies and non-cookie technologies.
- The Purposes for Which the Data is Used and by Whom
- You must disclose:
- the third parties with whom personal data collected on your site is shared; and
- why this data is collected (i.e., the purpose for collecting personal data).
- For example, you can disclose that third parties (such as NextRoll) may place cookies on the browser used by the visitor in order to serve targeted advertising and for measurement and analytics purposes.
- You must disclose:
- How Visitors Can Control the Collection of their Data by NextRoll including:
- You must include instructions for visitors to control the collection of data by web browsers and mobile devices. For example, let your visitors know they can decline to have personal data collected via third party tracking technologies by navigating to the settings feature in their browser and declining all third party cookies or declining third party cookies from specific sites, or, for mobile, limiting ad tracking or resetting the advertiser identifier via the privacy settings on their mobile device; AND
- You must provide an opt-out link or third-party tool that opts users out of targeted or interest based advertising. Available third-party opt-out tools include: the Digital Advertising Alliance, the Network Advertising Initiative, and the European Interactive Digital Advertising Alliance (Europe only). (See AdRoll's opt-out article for an example.).
Additional Information for Cross-Device and AdRoll Email Services
Are you using our Cross-Device or AdRoll Email Services?
If you have opted in to use the our cross-device service or AdRoll Email Services you must include the following additional information in your privacy notice:
- What Personal Data is Collected and How:
- Disclosure that your site collects hashed identifiers derived from email addresses for the purposes of cross-device tracking for targeted advertising; and
- a reference to NextRoll's Privacy Notice; AND
- How Visitors Can Opt-Out of Receiving Cross-Device Advertising:
- Instructions for visitors to opt-out from receiving cross-device site advertising (i.e. tracking a user across devices), by accessing their device setting or visiting and employing the controls described on the NAI’s Mobile Choices page.
Additionally, if you are using NextRolls’ Cross Device and/or AdRoll Email Services you need to make sure that you include the following additional disclosure on the webform on your site that is collecting your visitors’ email addresses (and which NextRoll will hash and use in its cross-device graph).
See example wording you can include in your webform below if you are using AdRoll Email Services:
We use AdRoll Email (a product of NextRoll, Inc.) as our email automation marketing platform. NextRoll, Inc. performs a hash of your email address in order to serve targeted advertising to other devices connected to you (cross-device tracking). By submitting this form, you acknowledge NextRoll, Inc.’s hashing and cross-device activity. For more information, please see NextRoll’s Privacy Notice.
See example wording you can include in your webform below if you are using our Cross Device Services:
Your information is being used for our own marketing purposes. Our advertising Partner, NextRoll, Inc. performs a hash of your email address in order to serve targeted advertising to other devices connected to you (cross-device tracking). By submitting this form, you acknowledge NextRoll, Inc.’s hashing and cross-device activity. For more information, please see NextRoll’s Privacy Notice.
Additional Information If Your Site Attracts Visitors from California
If your site(s) receive visitors from California, you will have to include the following information in your privacy notice:
- A link to the California Residents section of NextRoll’s Service Privacy Notice. For more information about this disclosure, please see this article.
Additional Information If Your Site Attracts Visitors from Europe
If your site attracts visitors from European Territories (European Territories includes the European Economic Area, Switzerland, and the United Kingdom), the General Data Protection Regulation (“GDPR”) applies to your business and you are a GDPR-impacted customer. In addition to using a “consent mechanism” to obtain consent to collect personal data via NextRoll’s Pixel, the GDPR requires that you include at least the following information in your privacy notice:
- Disclosure of the purposes of processing the personal data collected on your sites (i.e. the NextRoll services which you are using);
- The legal basis you rely on to process each type of personal data (e.g. consent); and
- Identification of the entities that receive (or with whom you share) the personal data collected (i.e. NextRoll, Inc.).
NextRoll also provides Customers the option to use NextRoll’s consent banner. For more information, please click here.
Please remember that the required disclosures described above relate to the use of NextRoll’s Pixel and should not be construed as legal advice for the operation of your specific business. Privacy laws vary across different countries and territories and may apply to the operation of specific industries. Only your business can determine all the disclosures, language and requirements that must be included in your privacy notice to account for all the unique aspects of your business.
Examples of Privacy Notice Disclosures
Need Inspiration? Below are examples of the type of information you need to include in your privacy notice. The disclosures will vary depending on (a) what NextRoll Services you are using’ and (b) what jurisdictions your business operates in.
Collection of Data
Our site uses technologies of third-party partners [such as NextRoll] to help us recognize your device and understand how you use our site(s) so that we can improve our services to reflect your interests and serve you advertisements about the [products and/or services] that are likely to be of more interest to you. Specifically, [NextRoll/these partners] collect information about your activity on our site(s) to enable us to:
- measure and analyze traffic and browsing activity on our site(s);
- [Optional: if you are using our Media Services to run campaigns include this disclosure] show advertisements for our products and/or services to you on third-party sites;
- [Optional: if you are using our Cross Channel Measurement Services include this disclosure] measure and analyze the performance of our advertising campaigns;
Cross-Device [Optional: if you are using our Cross Device or AdRoll Email Services]
We may share data, such as hashed email derived from emails or other online identifiers collected on our site(s) with [NextRoll/ our advertising partners]. This allows our partners to recognize and deliver you ads across devices and browsers. To read more about the technologies used by [NextRoll/our partner] and their cross device capabilities please refer to NextRoll’s Privacy Notice.
Our partners [such as NextRoll] may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. For this reason you can use the following third party tools to decline the collection and use of information for the purpose of serving you interest based advertising:
- The NAI’s opt-out platform: http://www.networkadvertising.org/choices/
- The EDAA’s opt-out platform http://www.youronlinechoices.com/
- The DAA’s opt-out platform: http://optout.aboutads.info/?c=2&lang=EN
Where to Place your Privacy Notice
You should have a clearly visible link to the privacy notice on all site pages where personal data is collected and the NextRoll Pixel is placed. The privacy notice link must be clearly and conspicuously placed on the home page and should be easily accessible within a few clicks of the landing page.