Last Modified: 30 July 2021
En español aquí: https://www.cj.com/legal/privacy-policy-services-es
Hier auf Deutsch: https://www.cj.com/legal/privacy-policy-services-de
En français ici : https://www.cj.com/legal/privacy-policy-services-fr
CJ is an affiliate marketing company. We are part of the Publicis Group, headquartered in France but with operations around the world. Our advertising services help online publishers and advertisers find customers and keep the internet free. We encourage you to read the whole notice but if you wish to jump to a certain subject, please use the table below.
- Privacy commitment and scope of this Privacy Policy
- What Personal Data do we process?
- How Personal Data is used and lawful basis
- Who do we share Personal Data with?
- How long do we keep Personal Data?
- Security
- Changes to this Privacy Policy
- Definitions used in this Privacy Policy
Throughout this Privacy Policy we use several capitalised terms. You can find the definitions for these here.
This Privacy Policy (“Privacy Policy”) describes how Personal Data is collected and used by CJ when providing our Services. We care about your privacy and we want you to understand how we process Personal Data and what choices you have with regards to it. We have taken steps to provide you with this information as clear and easy as possible, but if you have any questions you can always contact us.
We believe that data protection is essential to the growth and prosperity of the Internet and that a great online experience can provide significant benefits to users if done properly. In accordance with these believes, CJ creates results for publishers and advertisers in revolutionary ways without compromising users’ privacy or data protection.
By getting familiar with this Privacy Policy, you have taken the first step in understanding how advertising businesses such as ours help contribute to the Internet’s ability to remain a diverse ecosystem of free content, as well as provide a better digital browsing experience.
When a consumer visits websites and mobile applications, there are almost always third parties working behind the scenes to help provide a great digital experience. CJ is one of these companies and we provide the affiliate marketing that keeps your favourite blogs free, your favourite stores in business, and your advertising experience more relevant. Please watch this video to learn more about CJ and affiliate marketing.
Affiliate marketing is the process of a publisher (for example a blog or a news site) earning commission by promoting products or services of advertisers (for example a retailer). Publishers will promote products or services from advertisers to visitors of their websites or mobile applications and earn a piece of the profit for each sale generated. CJ operates an affiliate network, which helps publishers and advertisers connect with each other. An affiliate network acts as an intermediary between publishers and advertisers to help them find advertising programs which are suitable for their needs and channels, and makes sure the right party is rewarded for an effective referral or marketing effort. To make some of these things possible, and to make smarter decisions, we need to use information that is considered Personal Data.
We will only place our own Cookies or otherwise access a consumer’s device directly if we have been provided with consent to do so, as required by the ePrivacy Directive and the UK Privacy and Electronic Communications Regulations (PECR). However, certain essential Cookies do not require consent. This includes Cookies that are essential to comply with the GDPR’s security principle as well as Cookies that help ensure that content of a page loads quickly and effectively by distributing the workload across numerous computers.
Examples of situations where essential Cookies are used are when we need to identify a consumer to be able to provide them with loyalty points or cash back. If a consumer has requested loyalty points or cash back from one of our partners, we need to access the consumer's device to create/read a Cookie ID so that we can ensure that the loyalty points or cash back are provided to the correct consumer. In these situations, accessing the device is strictly necessary to provide the consumer with a service they have requested.
The majority of the Personal Data CJ processes is machine-generated. We do not collect any Personal Data that directly identifies a consumer. As CJ's data processing activities do not require the direct identification of a consumer, CJ only holds what is known as “Pseudonymised Personal Data”. Pseudonymised Personal Data is Personal Data that cannot be attributed to a specific consumer without the use of additional information. Using Pseudonymised Personal Data can reduce the risks to consumers, while also help companies like CJ meet their data protection obligations.
Using only Pseudonymised Personal Data lets us see and follow a consumer’s journey from a publisher to an advertiser, but without revealing who that consumer is in a traditional sense by using name, address or email. In other words, we cannot directly identify a consumer using the Personal Data that we process. We have no interest in or need to know those details about any particular consumer.
When a consumer visits and interacts with a website or mobile application that participates in our Services the following information might be collected and transferred to us:
· Browser and device information. This includes information such as user agent string which provides browser type and version, Cookie ID, click, impressions, time stamp, IP address, referring site URL and current site URL.
· Transactional Data. This includes information that described the online purchases and actions made by a consumer, Order ID, order information like products and services and online timestamp.
CJ primarily uses Personal Data for the purpose of attributing a referral or a marketing effort on a publisher website or mobile application to a transaction with an advertiser. We do this to enable advertisers to reward publishers on a per-transaction basis for their marketing efforts. It also allows CJ to provide publishers and advertisers with related reports and analytics. Most of these reports contain only aggregated statistical data.
We do not use Personal Data to make predictions or evaluations of a consumer’s interest, and we do not use Personal Data to create advertising profiles.
Please see our full purposes and lawful bases below.
|
Purpose |
Lawful basis |
|
To identify consumers, including trying to determine what devices are likely to belong to a consumer and trying to distinguish their device from other devices, so that we are able to provide commission accurately to participants of our Services. |
Legitimate interest |
|
Support reporting and analytics to participants of our Services on the transactions made. |
Legitimate interest |
|
Improve existing systems and software and to develop new products. |
Legitimate interest |
|
Monitor for and prevent fraudulent activity as well as ensuring systems and processes work properly and securely. |
Legitimate interest |
In support of the purposes above we use Personal Data that we hold to determine whether different devices are likely to belong to the same consumer, and to distinguish their device from other devices based on information the device automatically sends, such as IP address or browser type. This helps us understand whether the same consumer starts a transaction on one device and completes it on another. We do this to make sure we can provide commission to the referring publisher accurately.
CJ’s legitimate interests for the purposes above include: providing our Services; ensuring that participants of our Services (publishers and advertisers) are paying and are being compensated for traffic and transactions generated through our Service; and ensuring participants (publishers and advertisers) are only paying and being compensated for traffic and transactions by a natural person (e.g. not a bot). Further information can be provided upon request.
If a consumer has requested loyalty points or cash back from one of our partners, then we need to process Personal Data for the purposes above so that we are able to provide the consumer with the loyalty points or cash back that they have requested. In those cases, the processing is necessary for performance of the contract that the consumer has with one of our partners regarding loyalty points or cash back.
We share your Personal Data:
- With companies within the Publicis Groupe for the purposes above,
- With participants of our Services (publishers and advertisers) so that they can verify that they have either paid, or have been compensated with, the correct amount,
- With our processors,
- Third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stocks (including in connection with any bankruptcy or similar proceedings) and
- As we believe necessary and appropriate: (a) under applicable law; (b) to comply with legal processes and obligations; (c) to respond to requests from public and governmental authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect our rights, privacy, safety or property; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
We retain all Personal Data in accordance with our data retention policy which abides by applicable law. The retention period depends on the type of data. For example, we retain Pseudonymised Personal Data for up to six (6) years.
We understand that you may be interested to know what Personal Data we hold about you (access). You can view this information and even delete it if you choose to do so by clicking here.
If you wish to exercise any other rights you might under Data Protection Laws (including rectification, portability and restriction), please contact us.
In situations when we rely on consent you have the right to withdraw your consent at any time. If you have provided CJ with consent to place our own Cookies or otherwise access your device directly, you have the right to withdraw such consent at any time. You can do so by clicking on “Review Consent Preferences” in the footer of our website and follow the instructions.
In order to provide our Services, we transfer Personal Data to, and Process Personal Data in, countries outside the European Union (EU), the European Economic Area (EEA) and the United Kingdom. More specifically our servers are located in the United States, and our processors operate around the world including the United States and India.
We have taken appropriate and suitable safeguards to ensure that your Personal Data will remain protected when transferred outside EU/EEA and the UK. This includes implementing Standard Contractual Clauses for transfers of Personal Data adopted by the European Commission and/or the United Kingdom. Further information about our international transfers as well as the safeguards in place can be provided upon request.
We have implemented appropriate technical and organisational security measures to protect the Personal Data in our care, both during transmission and once we receive it. This includes physical and technical security measures to protect our Personal Data from accidental or unlawful destruction, loss, or alteration, and from unauthorised disclosure or access. Although please note that no method of transmitting information over the Internet or storing information is completely secure.
Epsilon International UK Ltd is the controller of the Personal Data that we process as described in this Privacy Policy. If you have any question about the processing, please email us.
Our Data Protection Officer is tasked with informing and advising us on the obligations that apply to us under Data Protection Laws, as well as monitoring our compliance with the same. If you need to contact our Data Protection Officer, please email us here. However, we respectfully ask that you only contact our Data Protection Officer regarding urgent matters relating to data protection.
As an EU resident, you have the right to report a concern to your country’s Data Protection Authority. The same applies if you are a UK resident, please visit the Information Commissioner’s Office’s website for contact information. However, we respectfully request that you contact us first so that we can assist you.
We may occasionally make changes to this Privacy Policy. If we do, we will take appropriate measures to inform you, consistent with the significance of the changes we make, and update the “Last Modified” date above.
“CJ” means Epsilon International UK Ltd with company number 03610044, whose registered address is 1st Floor 2 Television Centre, 101 Wood Lane, London, England, W12 7FR.
“Cookies” are small text files that are downloaded and stored onto your device (e.g. a computer or smartphone). Cookies allow us to recognise your device and store information about your preferences or past actions. In this Privacy Policy the definition of “Cookies” includes similar technologies that can write or read information on your device such as “Local Shared Objects” (sometimes called Flash Cookies), pixels and web-beacons. Please click here for more details on the Cookies we set for our Services.
“Data Protection Laws” means (i) EU Regulation 2016/679 and the UK General Data Protection Regulation (UK GDPR) as tailored by the UK Data Protection Act 2018 (together “GDPR”); (ii) EU Directive 2002/58/EC (ePrivacy Directive); (iii) the UK Privacy and Electronic Communications (EC Directive) Regulations 2003; and (iv) any and all applicable national data protection laws made under or pursuant to (i) or (iii); in each case as may be amended or superseded from time to time.
“Personal Data” means any information relating to an identified or identifiable natural person. Information such as name, identification number, location data and an online identifier is considered Personal Data.
“Services” means the affiliate marketing services that we provide to publishers and advertisers in more detail described above.