Privacy and Cookie Policy

Carat (referred to as “our”, “us” and “we” in this notice) is a trading division within Dentsu Aegis Network. We help our clients to improve how they advertise and market, whether by print, post, email or on websites. We believe that the responsible use of data supports business growth and builds strong relationships between brand and consumer. As a business, we are committed to respecting and protecting the privacy of all individuals with whom we interact. We are committed to being transparent in our handling of personal information and processing personal information at all times in accordance with applicable privacy and data protection laws. This Privacy Notice explains in detail the types of personal information we may collect about you when you interact with us.  

 

This Privacy Notice explains the following:

 

  • The personal information we collect;
  • How we use this information;
  • How we store your personal information;
  • How we secure your personal information;
  • Whether we disclose or share your personal information;
  • Your choice regarding the personal information you provide to us;
  • Our responsibility for website links;
  • How to contact us.

 

In the Supplementary Information section of this Privacy Notice, we explain what is meant by “personal information” and other terms used in this notice.

 

The personal information we collect

We collect information about how you use our website and the device(s) you use to access our site. This includes collecting unique mobile device ID or the internet protocol (IP) address online identifiers, which are numbers that can uniquely identify a specific computer or other network device on the internet. This information is linked to a cookie ID, which we receive and process. You may find more information on our use of cookies on our separate Cookies Notice (below).

We also collect information about you if you make use of any of the interactive features within our website that rely on a personalised response, or where you ask us to respond to a query you have, or where you ask us to add your details to one of our alert or subscription services. The personal information we collect is limited to the details we need to provide the specific service or information you have asked for.  We do not collect sensitive information, such as your political or religious beliefs, ethnic background, sexual preference, health or any other sensitive information.

We do not actively seek to collect information about children aged 16 or under.  If you have any concerns about your child’s privacy in relation to our services, or if you believe that your child may have entered personal information onto our Website, please contact us at privacy@dentsuaegis.com. We will delete such information from our records within a reasonable time.

How we use this information

Except where required by law, we only use the personal information you provide for the following purposes:

 

To deliver the specific information or services you have requested. For example, if you have requested further information on our services or content, or wish to subscribe to our alert service, or submit an enquiry through this site. We will only use the email address you provide to us to respond to that request. Without your express consent, we will not use your contact details for any other purpose.

 

We ensure that we always have an appropriate legal basis for processing your personal information. For the most part, the processing of your personal information is based either on a) our legitimate interests related to us providing you services you have requested or otherwise your customer relationship with us, or b) your consent, where requested. 

How we store your personal information

We are committed to ensuring your personal information is kept secure and confidential and not kept for longer than is necessary for the purpose they were processed. When your personal information is no longer necessary, it will be deleted.

From time to time we may ask other members of our group, or third party service providers, to help us manage our information technology systems. Some of these systems may be located in countries overseas, including countries located outside the European Economic Area (EEA).

We will only transfer your information to a third party service provider or overseas, where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any information being processed and compliance with applicable privacy and data protection laws. These measures may include the use of Standard Contractual Clauses, the EU-US Privacy Shield, Swiss-US Privacy Shield or your consent. You may request further information on the legal security measures used for such transfers via the contact details given in this Privacy Notice.

How we secure your personal information

We have implemented appropriate technical and organisational security measures to prevent accidental or unlawful loss, unauthorised disclosure of, or access to personal information. We also seek to ensure our service providers do the same.

 

Information Sharing and Disclosure

We do not sell or rent any personal information about you to any third party.

We may disclose personal information in response to a legal process, for example in response to a court order or a subpoena, or in response to a law enforcement agency’s request, or where we believe it is necessary to investigate, prevent or take action regarding illegal activities, and as otherwise required by law. Our agents and contractors may have access to personal information to help carry out the services they are performing for us.

As stated above in this Privacy Notice, Carat is a trading division of Dentsu Aegis Network a globally operating media group consisting of multiple companies. Therefore, we may also from time to time disclose your personal information within the Dentsu Aegis Network group of companies. Some of our group companies are also located outside the EEA, but we always ensure the security of such disclosures and transfers in accordance with the applicable privacy and data protection laws.

 

Your rights regarding the personal information you provide to us

 

General rights

  • If you wish to stop receiving marketing communications from us then please click on the "unsubscribe" link at the bottom of the relevant mailing.

 

  •  Where you have given us your consent to use your personal information, you have the right to change your mind at any time and withdraw that consent.

 

  • If you would like us to delete your information from our records, please contact us using the contact details below and we will respond within a reasonable time. Please note that we may be required to retain certain information by law and/or for our own legitimate business purpose.

 

Users from the European Economic Area

 

If you are from the European Economic Area, you have rights (with some exceptions and restrictions) to:

  • object to our processing of your personal information.  You can object at any time and we shall stop processing the information you have objected to, unless we can show compelling legitimate grounds to continue that processing;
  • access your personal information. If you make this kind of request and we hold personal information about you, we are required to provide you with information on it, including a description and copy of the personal information and why we are processing it;
  • request erasure of your personal information;
  • request correction or updating of the personal information that we hold about you and that is inaccurate;
  • request the restriction of our processing of your personal information in some situations. If you request this, we can continue to store your personal information but are restricted from processing it while the restriction is in place;
  • where you have provided your consent to our processing of your personal information, withdraw your consent to our further use of your personal information. If you do withdraw consent, that will not affect the lawfulness of what we have done with your personal information before you withdrew consent;
  • complain to your local data protection authority about our collection or use of your personal information. For example, in the UK, the local data protection authority is the UK Information Commissioner's Office.

 

If you exercise the rights above and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.

 

If you are from the European Economic Area and would like to exercise any of these rights in relation to any information we hold about you via this website please contact us using the contact details provided below. We will consider and respond to your request in accordance with the relevant law.

 

Our responsibility for website links

This Privacy Notice is limited to the personal information collected by Carat. We do provide links within this site to other websites, including social media sites such as Facebook, Twitter and LinkedIn and sites operated by other brands within the Dentsu Aegis Network Group (e.g. Vizeum, iProspect, Isobar and Posterscope). If you follow these links, you should use these sites in conjunction with their applicable user and privacy notices as their data practices fall outside the scope of this Privacy Notice. Further, we can have no responsibility for or control over the information collected by any third party website and we cannot be responsible for the protection and privacy of any information which you may provide on such websites.

Updates

This Privacy Notice may be updated from time to time to reflect changes in law, best practice or a change in our practices regarding the treatment of personal information. If you do not agree to the changes, please do not continue to use our website and please refrain from sharing your personal information with us. You should check this notice frequently for updates. This notice was last updated in June 2018.

Contact us

If you have any questions about our approach to privacy or you would like to exercise any of the rights mentioned in this Privacy Notice you can contact our Data Protection Officer in any of the following ways:

 

Address: Data Protection Officer, Dentsu Aegis Network, Regent’s Place, 10 Triton Street, London, NW1 3BF

Telephone: (+44) (0) 207 070 7700

Email: privacy@dentsuaegis.com

 

SUPPLEMENTARY INFORMATION

In this Supplementary Information section, we explain some of terminology used in this Privacy Notice.

"personal information" – any information that relates to you (or from which you can be identified).

“processing” – means doing anything with data. For example, it includes collecting it, holding it, disclosing it and deleting it.

“European Economic Area" – the 28 countries in the European Union plus Iceland, Liechtenstein and Norway.

"transfer" – sending personal information outside the European Economic Area (e.g. by storing it on equipment located outside the European Economic Area), or allowing someone from outside the European Economic Area to access the personal information.

 

How we deploy “cookies”

Cookies are small packets of information stored by your web browser when you visit certain websites, including our website. Cookies are generally used by websites to improve your user experience by enabling that website to ‘remember’ you, either strictly for the duration of your visit (using a “Session” cookie which is erased when you close your browser) or for repeat visits (using a “Permanent” cookie). We do not use cookies to store any personally identifiable information about you.

Our site uses the following types of cookies:

Strictly necessary cookies

We deploy cookies to help us to identify how users navigate to and around our website and to enable some of the features within the site that may be beneficial to you (for example, language preferences, or print page features). This helps us deliver an effective online service to you. These are known as “First Party” cookies.

The strictly necessary cookies are listed below:

Cookie Name

Purpose

__RequestVerificationToken

This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. It holds no information about the user and is destroyed on closing the browser.

 

Functionality Cookies

These cookies allow our sites to remember choices you make (such as user name, or region you are in) and provide enhanced, more personal features.  These cookies can also be used to remember changes you have made to text size, fonts and other parts of web page which you can customise.  The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

The functionality cookies are listed below:

Cookie Name

Purpose

language

This cookie is used to store language preferences, to serve up content in the stored language.

 

Performance cookies

We may also use cookies issued by third parties (“Third Party” cookies) to track the websites you visited or search terms you used immediately prior to visiting this site, or to collect information about how visitors use the site.  We use Google Analytics for this purpose.  Google Analytics uses its own cookies. These cookies don’t collect information that identify a visitor.  All information these cookies collect is aggregated and therefore anonymous.  It is only used to improve how the site works.  You can find out more about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies .

You can avoid the use of Google Analytics relating to your use of our site by downloading and installing the Browser Plugin available via this link: 

http://tools.google.com/dlpage/gaoptout?hl=en-GB.

 

The performance cookies are listed below:

 

Cookie Name

Purpose

_gid

This cookie name is associated with Google Universal Analytics. This cookie stores and updates a unique value for each page visited.

_pk_id*

This cookie name is associated with the Piwik open source web analytics platform. It is used to help website owners track visitor behaviour and measure site performance. It is a pattern type cookie, where the prefix _pk_id is followed by a short series of numbers and letters, which is believed to be a reference code for the domain setting the cookie.

_gat

This cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate - limiting the collection of data on high traffic sites. It expires after 10 minutes.

_pk_ses*

This cookie name is associated with the Piwik open source web analytics platform. It is used to help website owners track visitor behaviour and measure site performance. It is a pattern type cookie, where the prefix _pk_ses is followed by a short series of numbers and letters, which is believed to be a reference code for the domain setting the cookie.

_ga

This cookie name is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.

JSESSIONID

This domain is third party performance cookie. It is controlled by New Relic, which provides a platform for monitoring the performance of web and mobile applications.

 

Social Media Cookies 

These cookies are used when you share information using a social media sharing button or “like” button on our site or you link your account or engage with our content on or through a social networking site such as Facebook, Twitter or Google+.  The social network will record that you have done this.  This information may be linked to targeting/advertising activities.

The social media cookies are listed below:

Cookie Name

Purpose

Google DoubleClick

We use these cookies to measure the effectiveness of our online marketing campaigns; to improve reporting on campaign performance; and to avoid showing ads the user has already seen.

 

Google Analytics

These cookies are used to collect information about how visitors use our website. We use the information to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they visited.

Twitter

auth_token

twll

__utmz

secure_session

guest_id

__utma

remember_checked

remember_checked_on

 

Twitter uses cookies and other similar technologies, such as pixels or local storage, to help provide you with a better, faster, and safer experience. Like many websites, Twitter uses cookies to discover how people are using their services and to make them work better.

 

YouTube

SID and HSID

 

 

 

 

 

 

 

 

 

 

 

Demographics

 

 

 

 

 

VISITOR_INFO1_LIVE

 

 

 

 

 

PREF

 

 

 

 

 

 

APISID

SSID

LOGIN_INFO

YSC

SAPISID

 

 

YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. the HSID cookies is used by Google in combination with SID to verify Google user account and most recent login time.

 

 

 

 

This cookie is used for demographic profiling and targeting for advertising.

 

 

 

 

This cookie is used as a unique identifier to track viewing of videos.

 

 

 

 

This is a common Google cookie, used across several of their services. Stores user preference, can be used to personalise ads on google searches.

 

 

 

 

These cookies are used by YouTube to collect user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites.

 

 

 

How to reject cookies

If you don’t want to receive cookies, you can alter your browser settings.  The procedure for doing so varies from one browser application to another.  If you wish to reject cookies from our site, but wish to accept those from other sites, you may choose the option in your browser settings to receive a notice before a cookie is stored on your device.  Please consult the “Help” section of your browser for more information. 

 

To find out more, please consult the following:  http://www.allaboutcookies.org/manage-cookiies  and www.youronlinechoices.com .  By disabling cookies, you may be prevented from accessing some features of our site or certain content or functionality may not be available.  

 

 

CARAT.
Redefining Media.