Our Privacy Principles

Consumer privacy is a top priority for Retail Media Labs. We rely primarily on demographic and aggregated data from which we cannot directly identify people, and we maintain appropriate limits on access to data about specific individuals where we hold it.

Our internal policies and procedures conform to applicable laws and industry standards globally. They also incorporate the principle of Privacy by Design—a commitment to include appropriate privacy protections in the design and implementation of our products and services.

The practices described in this Privacy Statement are undertaken by Storyworlding’s group of companies operating together around the world.

We deploy consumer-friendly privacy controls that are easy to find and easy to use. We believe in responsible stewardship of data, and we are continually striving to improve our own practices and maintain a high standard for our industries. Learn more about specific practices followed by different areas of Retail Media Labs business.

Privacy By Design

While developing our products and services, we assess their potential impact on personal data and embed appropriate privacy protections into our data processing activities, taking into account the other privacy principles described below.

Trust and Accountability

We are committed to responsible stewardship of the data under our control and to compliance with all applicable data protection laws that regulate the collection, use and disclosure of data about individual people. Retail Media Labs internal privacy team oversees compliance with applicable privacy laws, self-regulatory programs that we participate in, and our internal privacy policies.

We use tools and methods designed to prevent individuals from being identifiable in our reports and insights, and we take steps to prevent the data we collect from being reused in ways that have not been communicated to individuals and/or could negatively affect them.

Meaningful Notice and Choice

We provide clear notice about what data we collect and how we use it. We offer choices about our data collection at a time and in a context that reflect the sensitivity of the data being collected. Panelists and survey respondents agree to the collection and processing of their data and may withdraw their participation at any time. Individuals also have the ability to opt out of our online and mobile data collection at any time.

Data Quality

We are continually working to maintain the personal data we collect so that it is complete, accurate, relevant and up to date.

Data Minimization and Collection Limitation

Following the concept of data minimization, we limit the collection of personal data to the extent possible while still enabling us to derive meaningful and accurate measurements and insights.

• When we use direct identifiers, we limit access to such information both internally and externally and implement appropriate data security measures, which are designed to protect individuals’ privacy.
• Before we obtain third-party data, we review the third party’s data collection practices and the privacy notices that are made available to individuals to make sure that our use of the data is consistent with the commitments those companies have made to individuals.
• When we have removed identifying elements from the data that we collect, we take steps to prevent the data from being re-associated with identifiable data.

Limited Use and Retention

We restrict access to and use of personal data to Retail Media Labs associates and service providers with a legitimate business purpose. We have established records retention policies to limit how long we keep personal data.

Access, Correction, Erasure, & Portability

We provide individuals with reasonable opportunities to access the personal data Retail Media Labs holds about them and correct it if it’s inaccurate. Depending on your country or state (US) of residence, under applicable law individuals may have various additional rights with respect to personal data processed. Rights may include one or more of the following:

• To request confirmation as to whether or not personal data is processed, and, where that is the case, access a copy of the data we hold and to request it is updated or corrected where it is inaccurate;
• To object to processing of personal data; 
• To propose other restrictions on the processing of personal data; and
• To request that personal data is deleted (where applicable).

Individuals that are interested in exercising one or more of the rights described above can submit a request using the form here or contact us at support@retailmedialabs.com. Retail Media Labs does not discriminate against individuals who exercise their rights under applicable law.

Only the individual data subject or an “Authorized Agent” permitted to act on their behalf may submit a request.  An “Authorized Agent” means a natural person or a business entity that has been properly authorized to act on the individual’s behalf.    Please note, we may deny a request from an Authorized Agent if they do not submit proof that they have been authorized by the individual data subject to act on their behalf.  

A request must:

Provide sufficient information that allows us to reasonably verify that the requestor is the person about whom we collected personal data or their Authorized Agent; and include sufficient detail to allow us to properly understand, evaluate, and respond to it.  

We cannot respond to a request or provide personal data if we cannot verify the identity of the requestor or their authority to make the request.  To verify a requestor’s identity, we will match data provided when the request is submitted to any personal data we already maintain. 

Additional information for users in the EU/EEA: 

Individuals that have questions or concerns about Retail Media Labs collection and processing of personal data can contact our EU Data Protection Officer at support@retailmedialabs.com.  Individuals that are dissatisfied with the way Retail Media Labs has processed personal data or any privacy query or request that they have raised to us have the right to complain to the Supervisory Authority in their country of residence or the location where the issue that is the subject of the complaint occurred.  The contact details of all the EU national Supervisory Authorities can be found by visiting: EU National Data Protection Authorities.

Children’s Data

We comply with applicable laws regarding the collection of data about children. When we collect personal data from children, we do so with parental consent, which can be withdrawn at any time.

Cross-Border Transfer

We respect applicable local laws regarding cross-border transfers of and access to personal data.

Disclosure of Data to Third Parties

We do not sell data that directly identifies individuals, and we contractually prohibit our clients from re-identifying individuals from the de-identified data that we provide them (e.g., survey statistics).

Furthermore, we contractually prohibit recipients of our data from using it to make decisions regarding credit, insurance, housing, employment or other legal effects on individuals. We contractually require service providers that have access to our data to keep it secure and use it to perform only the services they have been engaged to provide.

We will provide data to government and law enforcement entities to the extent required by applicable law, to protect Retail Media Labs legal interests and, where needed, to protect the health or safety of others.

Data Security

We implement multi-layered organizational, technical and administrative measures that are designed to protect the personal data under our control.

These include, among other things: limiting access to data; using technology measures like firewalls, encryption, malware protection and intrusion detection; maintaining policies that are aligned to a wide variety of legal requirements; and holding our associates accountable for maintaining safe data-handling practices and adhering to our internal policies.

We have a global organization of qualified data security professionals and engage in regular system testing and updating of our controls to keep pace with changing technology and security threats.

Global Reach, Local Touch

We are committed to respecting the diverse cultures and local laws of the countries in which we operate.