Dentsu Aegis Network (referred to as “our”, “us” and “we” in this notice) is a global media group. We help our clients to improve how they advertise and market, whether by print, post, email or on websites. We believe that the responsible use of data support business growth and builds strong relationships between brand and consumer. As a business, we are committed to respecting and protecting the privacy of all individuals with whom we interact. We are committed to being transparent in our handling of personal information and processing personal information at all times in accordance with applicable privacy and data protection laws. This Privacy Notice explains how we may collect and use personal information from you when you use our website www.psiad.com.
This Privacy Notice explains the following:
- What personal information we collect on this website;
- How we use this information;
- How we store your personal information;
- >How we secure your personal information;
- Whether we disclose or share your personal information;
- Your choice regarding the personal information you provide to us;
- Our responsibility for website links;
- How to contact us.
In the Supplementary Information section of this Privacy Notice, we explain what is meant by “personal information” and other terms used in this notice.
What personal information we collect on this website
We collect information about how you use our website and the device(s) you use to access our site. This includes collecting unique mobile device ID or the internet protocol (IP) address online identifiers, which are numbers that can uniquely identify a specific computer or other network device on the internet. This information is linked to a cookie ID, which we receive and process. We also collect information about you if you make use of any of the interactive features within our website that rely on a personalised response, or where you ask us to respond to a query you have, or add your details to one of our alert or subscription services. The information we collect is limited to the details we need to provide the specific service you have asked for. We do not collect sensitive information, such as your political or religious beliefs, ethnic background, sexual preference, health or any other sensitive information. We do not actively seek to collect information about children aged 16 or under. If you have any concerns about your child’s privacy in relation to our services, or if you believe that your child may have entered personal data onto our Website, please contact us at firstname.lastname@example.org. We will delete such information from our records with a reasonable time.
How we use this information
Except where required by law, we only use the personal information you provide for the following purposes: • to deliver the specific information or services you have requested. For example, if you have requested further information on our services or content, or wish to subscribe to our alert service, or submit an enquiry through this site. We will only use the email address you provide to us to respond to that request. Without your express consent, we will not use your contact details for any other purpose.
Personal information processed for the purposes of providing our services
If you contract with us for our products and services, we will need to collect and use personal information about you. This section explain what personal information are collected, why and on what legal basis that personal information is used:
How long we will keep your information
We will keep your personal data for as long as is necessary for the relevant service, in accordance with our legal obligations. After this time, your personal data will either be securely deleted.
How we store your personal information
We are committed to ensuring your personal information is kept secure and confidential and not kept for longer than is necessary. From time to time we may ask other members of our group, or third party service providers, to help us manage our information technology systems. Some of these systems may be located in countries overseas. We will only transfer your information to a third party service provider or overseas, where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any information being processed and compliance with applicable privacy and data protection laws.
How we secure your personal information
We have appropriate security measures in place to prevent unlawful or unauthorised use, access or accidental loss of personal information. We also seek to ensure our service providers do the same.
Information Sharing and Disclosure
We do not sell or rent any personally identifiable information about you to any third party. We may disclose personally identifiable information in response to legal process, for example in response to a court order or a subpoena, or in response to a law enforcement agency’s request, or where we believe it is necessary to investigate, prevent or take action regarding illegal activities, and as otherwise required by law. Our agents and contractors may have access to personally identifiable information to help carry out the services they are performing for us.
Your choice regarding the personal information you provide to us
- If you wish to stop receiving marketing communications from us then please click on the “unsubscribe” link at the bottom of the relevant mailing. If you wish to opt-out completely then please contact us at using the details provided below.
- If you would like us to delete your information from our records, please contact us using the contact details below and we will respond within a reasonable time. Please note that we may be required to retain certain information by law and/or for our own legitimate business purpose.
Users from the European Economic Area
If you are from the European Economic Area, you have rights (with some exceptions and restrictions) to:
- >object to our processing of your personal data, including profiling. You can object at any time and we shall stop processing the information you have objected to, unless we can show compelling legitimate grounds to continue that processing;
- access your personal data. If you make this kind of request and we hold personal data about you, we are required to provide you with information on it, including a description and copy of the personal data and why we are processing it;
- request erasure of your personal data in certain circumstances Erasure rights do not apply where the data is processed for historical research purposes or statistical purposes.
- request correction or updating of the personal data that we hold about you and that is inaccurate;
- request the restriction of our processing of your personal data in some situations. If you request this, we can continue to store your personal data but are restricted from processing it while the restriction is in place;
- withdraw your consent to our use of your personal data. When you use our website you may have been asked to consent to the dropping of a cookie. You may withdraw your consent to our processing of your personal data that has been derived from cookies. If you do withdraw consent, that will not affect the lawfulness of what we have done with your personal data before you withdrew consent;
- complain to your local data protection authority about our collection or use of your personal data. For example, in the UK, the local data protection authority is the UK Information Commissioner’s Office.
If you exercise the rights above and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity. If you are from the European Economic Area and would like to exercise any of these rights in relation to any information we hold about you via this website please contact us using the contact details provided below. We will consider and respond to your request in accordance with the relevant law.
Our responsibility for website links
This Privacy Notice is limited to the personal information which we collect and use via this website. We do provide links within this site to other websites, including social media sites such as Facebook, Twitter and LinkedIn and sites operated by other brands within the Dentsu Aegis Network Group (e.g. Carat, Vizeum, iProspect, Isobar and Posterscope).
If you follow these links, you should use these sites in conjunction with their applicable user and privacy notices as their data practices fall outside the scope of this Privacy Notice. Further, we can have no responsibility for or control over the information collected by any third party website and we cannot be responsible for the protection and privacy of any information which you may provide on such websites.
This Privacy Notice may be updated from time to time to reflect changes in law, best practice or a change in our practices regarding the treatment of personal information. If you do not agree to the changes, please do not continue to use our website. You should check this notice frequently for updates. This notice was last updated 21.05.2018
If you have any questions about our approach to privacy or you would like to exercise any of the rights mentioned
in this Privacy Notice you can contact our Data Protection Officer in any of the following ways:
Address: Data Protection Officer, Dentsu Aegis Network, Regent’s Place, 10 Triton Street, London, NW1 3BF
Telephone:(+44) (0) 207 070 7700
In this Supplementary Information section, we explain some of terminology used in this Privacy Notice.
“personal information” – any information that relates to you (or from which you can be identified).
“profiling” – automatically using personal data to work out certain things about people, like analysing or predicting their performance at work, reliability, economic situation, personal preferences, interests, behaviour, location or movements.
How we deploy “cookies”
Our site uses the following types of cookies:
Strictly necessary cookies
We deploy cookies to help us to identify how users navigate to and around our website and to enable some of the features within the site that may be beneficial to you (for example, language preferences, or print page features). This helps us deliver an effective online service to you. These are known as “First Party” cookies.
The strictly necessary cookies are listed below:
|__RequestVerificationToken||This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. It holds no information about the user and is destroyed on closing the browser.|
These cookies allow our sites to remember choices you make (such as user name, or region you are in)
and provide enhanced, more personal features. These cookies can also be used to remember changes
you have made to text size, fonts and other parts of web page which you can customise. The information
these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
The functionality cookies are listed below:
|language||This cookie is used to store language preferences, to serve up content in the stored language.|
The performance cookies are listed below:
|_gid||This cookie name is associated with Google Universal Analytics. This cookie stores and updates a unique value for each page visited.|
|_gat||This cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate – limiting the collection of data on high traffic sites. It expires after 10 minutes.|
|_ga||This cookie name is asssociated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.|
Social Media Cookies
These cookies are used when you share information using a social media sharing button or “like” button on our site or you link your account or engage with our content on or through a social networking site such as Facebook, Twitter or Google+. The social network will record that you have done this. This information may be linked to targeting/advertising activities.
The social media cookies are listed below:
|Google DoubleClick||We use these cookies to measure the effectiveness of our online marketing campaigns; to improve reporting on campaign performance; and to avoid showing ads the user has already seen.|
|Google Analytics||These cookies are used to collect information about how visitors use our website. We use the information to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they visited.|
How to reject cookies
If you don’t want to receive cookies, you can alter your browser settings. The procedure for doing so varies from one browser application to another. If you wish to reject cookies from our site, but wish to accept those from other sites, you may choose the option in your browser settings to receive a notice before a cookie is stored on your device. Please consult the “Help” section of your browser for more information. To find out more, please consult the following: http://www.allaboutcookies.org/manage-cookies and www.youronlinechoices.com .
By disabling cookies, you may be prevented from accessing some features of our site or certain content or functionality may not be available.
Responsible Disclosure Policy
Dentsu Aegis Network (DAN) believes that everybody should be safe and secure on the Internet. DAN is committed to maintaining the security of our assets, systems, and customers’ information. If any potential vulnerabilities are identified in any product, system, or asset belonging to DAN, we encourage security researchers to contact us as soon as possible. If you believe you have identified a potential security vulnerability, please submit it in accordance with our Responsible Disclosure Program.
Thank you in advance for your submission. DAN does not operate a public bug bounty program and will not provide a reward or compensation in exchange for reporting potential issues.
Responsible Disclosure Program Guidelines
Researchers shall ensure that when in the process of disclosing potential vulnerabilities they:
- Do not engage in any activity that can cause potential or actual harm to DAN, DAN customers, or DAN employees.
- Do not engage in any activity that can potentially or actually degrade DAN services or assets or cause them to stop entirely.
- Do not engage in any activity that violates (a) applicable laws or regulations or (b) the laws or regulations of any country where (i) data, assets or systems reside, (ii) data traffic is routed or (iii) the researcher is conducting research activity
- Do not engage in any activity that puts DAN in violation of any (a) applicable laws or regulations or (b) the laws or regulations of any country where (i) data, assets or systems reside, (ii) data traffic is routed or (iii) the researcher is conducting research activity.
- Do not store, share, compromise or destroy DAN or any customer data. If any Personal Information is identified, you should immediately stop the activity, remove related data from your system, and immediately contact DAN. This is important for protecting any potentially vulnerable data, and you.
- Do not initiate a fraudulent financial transaction.
- Do not disclose any reported issues to third parties, or publish such reported issues publicly
By acting in accordance with the guidelines above and responsibly submitting your findings to DAN, DAN agrees not to pursue legal action against you unless it is compelled to do so by a regulatory authority, other third party, or applicable laws
Once a report is submitted, DAN commits to provide prompt acknowledgement of receipt of all reports (in any event, within 5 business days of submission). Where possible, DAN shall use commercially reasonable endeavours to keep you reasonably informed of the status of any validated vulnerability that you report through this program
When reporting a potential vulnerability, please include a detailed summary of the vulnerability. This shall include the following:
- The target
- The steps
- The tools
- The artefacts
- You may include screen captures to illustrate detail
Out of Scope Vulnerabilities
Certain vulnerabilities are considered out of scope for our Responsible Disclosure Program. Out-of-scope vulnerabilities include, but are not limited to:
- Physical testing of premises
- Social engineering. For example, attempts to steal cookies, fake login pages to collect credentials
- Denial of service attacks
- Resource Exhaustion Attacks
Please submit your report to: ResponsibleDisclosure@Dentsuaegis.com