0
1
0
1
2
3
4
5
6
7
8
9
0
0
1
2
3
4
5
6
7
8
9
%

Global Privacy Policy (English)

Last Updated: 2 October 2024

Select language

Choreograph is a global data and technology business providing a variety of data driven marketing solutions to clients across its suite of products and services. We are a WPP company and work closely with the other companies across the WPP network, including GroupM and its agencies and other speciality businesses such as GroupM Nexus and Resolve Aps as well as utilising some of GroupM technologies and products. For more information about WPP click here and GroupM, click here.

The purpose of this privacy policy is to provide you, the consumer, with information about how we may collect and handle your personal information (sometimes called “personal data” or “personally identifiable information”). This covers both online and offline personal information as explained in our Consumer Preference Portal.

This is a global privacy policy. If you are accessing this policy from the EU please also read the section about Privacy Rights of individuals in the UK, EEA and Switzerland. If you are a Californian resident please also read the section about Privacy Rights of individuals in California.

Other privacy policies

This privacy policy does not cover personal information collected when using Choreograph’s website at www.choreograph.com. This information can be found here.

If you want to learn about how your personal information has been used in the recruitment process you can find the recruitment privacy policy here.

We would encourage you to read the entire privacy policy, however if you would prefer to use the contents links below these will take you to the individual sections:

Our services

This section provides information about the services we offer our Clients. Our “Clients” are businesses who deal directly with consumers, such as advertisers who sell their products and services to consumers. We do not offer our services directly to consumers. We work directly with Clients, or through an agent (such as a data or media buying agent) who act on behalf a Client.

Our Clients use our services to help them deliver effective and relevant advertising online and offline to consumers. We help advertisers understand their current customers’ interests, preferences and needs and also help them find prospective new customers across all media channels. Our services give Clients a unified and holistic view of their current and prospective customers, and allows them to deliver advertising to consumers who are more likely to be interested in their products and services.

Data Onboarding Data Enrichment Planning
Data Hygiene Insights Activating
Data Matching Modelling Optimization
ID Resolution Segmenting Measuring & Reporting
Profiling
Simulating

For a description of each of the services listed above, please see Purposes of processing.

Information that we collect

We collect and use a variety of information which includes personal information when providing our Services:

identifiers (“IDs”).

  • Offline IDs including full name, phone number, telephone number;
  • Online IDs including email address, IP address, Cookie IDs, Device IDs including Mobile Advertising IDs (MAIDs) such as Apple’s “IDFA” and Google’s Advertising ID;
  • Choreograph’s proprietary ID(s) that uniquely identify consumers in its own identity environment, including “K-LINK”, “ChoreoID”, “[mP]ID”; and
  • Other IDs that we may receive from third parties, including survey or panel IDs of consumers responding to a survey, or IDs from third party onboarding partners.

transaction and purchase data including product category (e.g., jewellery, apparel, pets, travel, sports) and purchase details (e.g., number of orders, value spent, payment type, method of purchase). We do not collect bank details, credit card details or other financial account level details. We also use modelled transaction data about a consumer’s likelihood or “propensity” to buy a particular brand or product.

device and browser information including type of browser and version, browser language, operating system, and connection type (e.g., wired or Wi-Fi).

online activity information including page URL (or category of page URL), site/page a consumer came from before viewing an advertisement, date and time of online activity, frequency of visits to a site, search terms used on a site, and interaction with an advertisement (e.g., whether you click on an advertisement) as well as the content of the advertisement, and interaction with content on an advertiser or publisher site, including product information stored as a “Product ID”.

demographic information including age, gender, income, marital status, household status, education.

psychographic information including interest, lifestyles, attitudes, personalities.

location data including postal address, IP address (which is converted into country, region, or postcode/zip code level location data) and latitude/longitude data of properties/houses (in the US).

Sensitive data including gender identity, sexual orientation, disability, religion, ethnicity, health data (see below).  Choreograph does not permit sensitive data to be used for targeting or retargeting.

Health data information about health conditions or treatments at an individual level.  Our health data does not include any “protected health information” (PHI) regulated by the Health Insurance Portability and Accountability Act (HIPAA).

Not all the information listed above is collected and used in all regions in which the Services are offered. If you would like to find out what personal information we hold about you, please use our Consumer Preference Portal.

How we use this information

The table below describes the purposes for which we use different types of information when providing our Services. For a description of each of these purposes, see more detail in the section Purposes of processing. In addition to the purposes set out below, we may use all or a combination of the information we collect to detect or prevent fraud, to defend our legal rights and comply with the law.

Information Type How we use this information
Data Onboarding Data Hygiene Data Matching ID resolution
Full Name Postal Address Email Address Phone Number
Online IDs including IP address, Cookie ID, MAID, device ID
Survey or panel ID ✓ (suppression)
Survey responses
Purchase and transaction data
Device and browser information
Online activity information
Location information
Sensitive data
Information Type How we use this information
Data enrichment Insights Modelling Segmenting Profiling Simulating
Full Name Postal Address Email Address Phone Number
Online IDs including IP address, Cookie ID, MAID, device ID
Survey or panel ID
Survey responses
Purchase and transaction data
Device and browser information
Online activity information
Location information
Sensitive data  ✗  ✗  ✗
Information Type How we use this information
Planning Activating Optimization Measuring and Reporting
Full Name Postal Address Email Address Phone Number
Online IDs including IP address, Cookie ID, MAID, device ID
Survey or panel ID
Survey responses
Purchase and transaction data
Device and browser information
Online activity information
Location information
Sensitive data  ✗  ✗

 

Purposes of processing

Purposes of processing Description of the purposes
Data Onboarding Bringing Client’s data into Choreograph’s data environment or a third-party hosted clean room environment. Bringing third party licensed data into Choreograph’s technology platforms.
Data Hygiene Cleaning Client’s data including merge/purge, address standardization and suppression.
Data Matching Matching Client’s data to consumers held in Choreograph proprietary database. Matching offline to online data, such as data collected offline (e.g. name, postal address etc) to your online activity or online IDs (e.g. device ID, cookie ID etc). Matching across different devices to determine that two or more devices belong to the same user or household
ID resolution Creating a Client-owned single customer view across known and unknown customers. Assigning a unique ID to consumers, including Choreograph’s proprietary ID.
Data enrichment Enhancing Client data by adding (or appending) consumer data from Choreograph’s proprietary database
Insights Using a collection of data to understand or gain insight into consumers’ interests, motivations, behaviours and preferences. This may be at an individual consumer level, or an aggregate group or population level
Modelling Creating models (or a set of “rules”) which predict consumer behaviours or indicate likely characteristics about consumers.
Segmenting Creating groups of consumers (sometimes called segments, audiences or lists) who share the same or similar attributes, conditions, needs or preferences based on actual or inferred information.
Profiling Labelling or describing consumers based on their likely characteristics, behaviours and/or demographics., which is used in modelling, segmenting, and activating.
Simulating Testing potential outcomes of marketing by simulating population behaviour using Client data and Choreograph data.
Planning Planning the buying of media across all channels, including using automated tools
Activating Delivering audiences to media buying and social platforms for online advertising. Delivering lists to Client’s or third-party fulfilment houses for offline advertising (e.g., mail, phone).
Optimization Creating ads that are relevant to consumers based on interests, location, language preferences etc
Optimizing ads (including in real time) with other data (such as weather information, previously viewed products etc)
Understanding consumer journey from first contact to sale/retargeting to personalize consumer experiences
Measuring and Reporting Measuring and reporting on advertising campaign performance

 

Sources of information

We source information from a variety of sources, including:

  • From our Clients, who may use our Services to onboard their data into our platforms and use our cookies and pixels to collect data from consumers visiting Clients’ web and app properties. For more information about the cookies we use, see section on Cookies.
  • Directly from consumers, including from consumers who agree to participate in our surveys (or surveys administered by our third-party partners) and by using cookies, pixels or other similar online technologies on web and app properties.  We only collect sensitive data through consumer surveys, where consumers have voluntarily provided information (or in the case of ethnicity data, modelled from demographic or geographic information).   For more information about the cookies we use, see section on Cookies.
  • From different parts of our business. For example, we take transaction information contributed by members of our cooperative businesses (i-Behaviour and Conexance) and convert this information into general product categories e.g., “Women’s Apparel”, and “Recency”, “Frequency”, and “Monetary” metrics, such as last order date for women’s apparel, number of orders for women’s apparel in last 12 months, total amount spent and average spend value for women’s apparel in last 12 months etc.
  • From public records, where available in certain countries, such as occupational and recreational licenses (e.g., fishing licences), postal records (for address standardisation), suppression lists (e.g., do not call registries), and census records.
  • From our trusted third-party partners. Some of these partners may combine data from a variety of sources.

Cookies

This section describes cookies that we use when providing our Services to Clients, including for interest based or behavioural advertising. This includes cookies that may be placed on your browser when visiting our Clients’ web properties or we properties that display on our Clients advertisements. For cookies we that we use on our corporate website, please see our Cookies Policy.

A cookie is a small alphanumeric text file that is stored in a browser by a web site or by a third-party ad server or other third party which allows that web site or third party to recognize that browser and remember certain information about the user. Our cookies are persistent (meaning they are stored until they expire or are deleted/removed by a user) and contain unique randomly-generated values that enable our Services to distinguish browsers and devices and are associated with certain information about a user. Our cookies, together with this associated user information, are used in the performance of our Services, including for interest-based advertising.

The following table provides information about our cookies.

Cookie name Domain Cookie lifetime Does the cookie refresh? Information stored in cookie Use cases Purposes registered under IAB Transparency and Consent Framework (GDPR only)
id mookie1.com 395 days Yes Universal serial number Activating
Optimization
Reporting
Measurement (attribution)
Security
1, 2, 3, 4, 5, 6, 7, 8, 9, 10
ov mookie1.com 395 days Yes Unique identifier Reporting
Measurement (attribution)
Security
1, 7, 8, 10
mdata mookie1.com 395 days Yes Unique serial number
Creation timestamp
Cookie version
Activating 1, 2, 3, 4, 5, 6, 10
syncdata_<PARTNER> mookie1.com 10 days Yes Unique serial number
Creation timestamp
Data partner’s visitor id
Data Matching
Activating
1, 2, 3, 4, 5, 6, 10
ibkukiuno ib.mookie1.com 365 days Yes Hashed email
Session Id
Choreograph ID (called “Velo Id”)
Last date cookie was used
Offerpath Id
Velo profile lookup method
Email hash lookup method
Date cookie created
Times cookie has been seen
N/A
ibkukinet ib.mookie1.com 365 days Yes IP address
Date
N/A
src0_xxxx d.lemonpi.io 30 days Yes ID of products that a consumer has viewed on advertiser’s website Optimization N/A
lpc d.lemonpi.io 30 days Yes Timestamp
Conversion ID for an advertiser’s campaign
Optimization, Reporting N/A
lpuid Lemonpi.io 365 days Yes Unique user ID Data Matching N/A
_ud Lemonpi.io 30 days Yes ID of products that a consumer has viewed, basketed and/or purchased on the advertiser’s website. Optimization N/A

In an app environment, your device will be assigned an Advertising ID (rather than a cookieID). This is an alphanumeric identifier made available by a platform or operating system (such as Apple iOS or Google Android) that allows application developers and third parties to recognize a particular device in an application environment and associated certain information to a user. Examples of Advertising IDs include mobile Advertising IDs (MAIDs) such as Apple’s “IDFA” and Google’s Advertising ID.  An Advertising ID together with user information it collects is used in the performance of our Services, including for interest-based advertising.

How we share information

Sharing information in the provision of our Services

Clients: We use the information described in this privacy notice to provide Services to our Clients (or agents acting on behalf of Clients), which may include sharing, licensing or allowing our Clients access to the information. For our cooperative database (i-Behaviour and Conexance) we share information within the cooperative to participating members of the cooperative, as well as with other parts of the Choreograph business (see section on Sources of information describing how we obtain information from other parts of our business).

Internal Group companies: We also share information internally with our group companies WPP and GroupM, and their agencies which include, Mindshare, MediaCom, Wavemaker, Essence, m/SIX, GroupM Nexus, GTB and CMI.

Service Providers: We also share information with third-party providers that perform services and functions on our behalf and/or on behalf of our Clients in the provision of the Services such as companies that are responsible for the delivery of advertising including demand-side platforms, advertising networks, advertising exchanges, and ad servers, as well as fulfilment houses for offline marketing campaigns, providers involved in technology or customer support, operations, web or data hosting/storage, billing, accounting, security, marketing, data management, validation, enhancement or hygiene, or otherwise assisting us to provide, develop, maintain and improve our Services and products.

Advertising and Marketing Companies: We may share your personal data with companies operating in the advertising and marketing sector which they will use for their own commercial marketing and business purposes.

Other: For Choreograph Create, we may share creative video content with YouTube via YouTube API Services to be displayed on YouTube’s platform for the benefit of our Clients. The YouTube Terms of Service (https://www.youtube.com/t/terms), Privacy Policy (http://www.google.com/policies/privacy), and YouTube API Services Terms of Service (https://developers.google.com/youtube/terms/api-services-terms-of-service) apply to these services. We take no responsibility for the content or privacy practices of any third-party services. We encourage you to carefully review the privacy policies of any third-party services you access. You can revoke the access of YouTube API Services via the Google security settings page at https://myaccount.google.com/permissions.

Sharing information for Legal Purposes

We may share personal information with third parties (including law enforcement, auditors, and regulators) to:

  • Comply with legal process or a regulatory investigation (e.g. a subpoena or court order).
  • Enforce our terms of service, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof.
  • Respond to claims that any content violates the rights of third parties.
  • Protect the rights, property or personal safety of us, our platform, our clients, our agents and affiliates, its users and/or the public. We likewise may provide information to other companies and organizations (including law enforcement) for fraud protection, and spam/malware prevention, and similar purposes.

Sharing information for corporate purposes

Transfer of data upon change of control: In the event that another company acquires us, or all or substantially all of the assets of our business, through a consolidation, merger, asset purchase, or other transaction, we reserve the right to transfer all information (including any information you may have provided through the “contact us” page) that is in our possession or under our control to the acquiring party, and that information may be used by the acquiring party in its business.

Sharing information in a corporate transaction: We may also share personal information in the event of a major corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction.

Data security

Maintaining the privacy of consumers’ personal information is very important to us which means we take care and pay special attention to our security measures to protect this information from data breaches. We follow industry standards to protect against the unauthorized access to, retention of, and disclosure of information. This includes physical, electronic, and management activities to protect information integrity, access, and use.

Choreograph recognizes the importance of a comprehensive data security program, and the need to ensure the data we process is maintained accurately and securely. We employ technical, organization, and administrative safeguards to protect the information we hold. We use multiple layers of security, combining state-of-the-art firewall protection, strictly controlled access and other security measures to guard against unauthorized use or alteration of our data.

Retention

Choreograph follows WPP Data Retention and Information policy and doesn’t retain any data which is not required for our day-to-day business or to provide services to our clients. Our retention period will vary and depends on the type of data, the purpose it serves in delivering products and services to our client and to comply with client contractual obligations. In all cases we comply with respective laws and regulations, contractual obligations and delete the data when required to do so.

Choreograph may also store and retain personal data that has been deidentified or fully anonymised so it is no longer personal data. This may be data which is aggregated so that it no longer identifies an individual, and is used primarily for insights and planning purposes.

International transfers of personal information

Choreograph is a global company and provides its Services to Clients across multiple regions and countries.

Where possible we store personal information locally, for example in the EU (for EMEA and UK), Taiwan, Singapore and China (for APAC) and US (for North America), depending on the location of the consumer.

However, we may need to transfer personal information outside of these locations in the following scenarios:

  • When we are required to transfer information to our Clients or our Service Providers to locations other than where our data is stored.
  • When our engineering or support teams need to “access” (including remote access) personal information outside the location they are based to build, maintain, and/or monitor our systems and platforms.
  • When we have a cross functional or cross agency team providing the Services, who may be based in different locations and need to access the personal information from various locations.

When we make these international transfers, we ensure they comply with all applicable local data protection and privacy laws.

Membership to industry associations

Choreograph is an active member of industry associations that govern the policies around online consumer privacy in the context of internet-based advertising, including: the Digital Advertising Alliance (DAA), the European Digital Advertising Alliance (eDAA) and the IAB Transparency and Consent Framework (IAB TCF). Choreograph complies with the DAA Self-Regulatory Principles and the IAB TCF Policies. We believe that these codes and principles help protect consumer privacy.

Please visit our Consumer Preference Portal for more information about how to exercise your privacy rights through the DAA opt-out mechanism.

 

Consumer preference portal

Choreograph is committed to providing privacy first solutions for our Clients and embed privacy into the design of our products and Services. We recognise the control that you should be given in relation to decisions we make about how your personal information is used. This preference centre has been built to provide you with a simple, transparent process to exercise your rights under privacy regulations.

We want to give you as much information as possible to make an informed decision. There are a number of different ways you can exercise your rights through this portal. The different methods will depend on the country you live in and the type of data we hold about you.

Due to the nature of the Services we provide to our Clients we handle your online data and your offline data differently. For more information about our Services please read the section of the privacy policy on Our Services. This Consumer Preference Portal can be used to exercise your rights in relation to both offline and online data. We will try and respond to your request as soon as possible, but in any event, within the timeframes required under privacy laws in your country.

Your information

We have created a user-friendly portal for you to control how we use your digital personal data.  This includes both personal data we collect about you online, and may include online IDs, device and browser information, online activity information, and location data (see section x for a description of these types of data) and your personal details such as your name, telephone number and postal address.

The type of personal data we collect may change depending on where you are located as we don’t provide all our Services in all regions.   To find out more about what data we hold about you, and how you can manage your data please click here.  The choices you make through our portal about how we can use your digital personal data will only apply to the specific browser or device you are using. For other ways to exercise your rights, see below.

However, if you are located in China please email privacy@choreograph.com to manage your data and exercise your rights.

How we use your information to verify your identity

We may ask you to provide ID to verify your identity before we release the data to you, we do this to ensure we only provide you with your information and protect it against unlawful third-party access. We will not share or use your identification in any of our Services or for any purpose other than verifying your identification.

Other ways to exercise your rights

In browser environments you may refuse or remove cookies via the following methods:

  • Adjusting your browser settings to refuse or remove cookies, by following the directions provided in your browser settings. Further information about how to do this is available here.
  • Adjusting the cookie settings at the level of the web site owner. These setting options may vary by web site owner.
  • Opting out of interest-based advertising through the Digital Advertising Alliance’s (DAA) “YourAdChoices” program for web environments, available here:
    – For US – https://optout.aboutads.info/?c=2&lang=EN
    – For Canada – https://youradchoices.ca/en/tools
    – For Europe and UK – https://youronlinechoices.com/ (by clicking the “Your ad choices” link after selecting where you are located)

You may also limit ad tracking in mobile and Over The Top (OTT) TV device app environments connected to your Advertising ID via the following methods.

  • Going to the privacy setting on your mobile device and/or your OTT TV device and selecting “Limit Ad Tracking” to stop interest-based advertising via the applicable Advertising ID. Note: you should consult instructions provided by your device manufacturers for the most effective and up-to-date methods for opting out of interest-based advertising via your devices.
  • Opting out of interest-based advertising through the Digital Advertising Alliance’s (DAA) “YourAdChoices” program for app environments, available here:
    – For US – https://youradchoices.com/control
    – For Canada – https://youradchoices.ca/en/tools

Privacy rights of individuals in the UK, EEA and Switzerland

You have the right to access, update, change, delete, restrict the use of, or obtain a copy of your personal information in an easily readable format. In certain circumstances, you may also request that Choreograph transfer your personal information to a third party, and the right to object to its use for marketing purposes. Where processing of your personal information is based on your consent, you also have the right to withdraw this consent at any time. Please note that your withdrawal of consent will not affect the lawfulness of our processing of your personal information prior to withdrawal of consent.

If you wish to exercise any of these rights please use our Consumer Preference Portal or email us at privacy@choreograph.com.

You also have the right to make a complaint to the supervisory authority if you’re not happy with how we’ve handled your personal information.

Privacy rights of individuals in California

View here.

Privacy rights of global users

We have provided a mechanism to enable all consumers, regardless of your region to opt out of future processing and request deletion of your personal information through our Consumer Preference Portal. If you have any question about how to exercise these rights please contact us at privacy@choreograph.com.

Children’s data

We don’t collect data on children under age 13. We have implemented reasonable steps to prevent us from obtaining children’s data through our data sources. If you believe your child, or anyone else, has provided information about themselves and would like it deleted from our database, you can contact us at DPO@choreograph.com . If we become aware we’ve collected information about a child under the age of 13, we’ll delete it.

How to complain

If you have any complaints or wish to contact us, please use the Contact Us section and we will do our best to address any complaints or worries you may have about how we collect and handle your Personal information.

If for whatever reason you don’t feel like we have adequately addressed your concerns you can contact the applicable Data Protection Authority or Supervisory Authority in your jurisdiction and make a formal complaint.

Contact us

We have tried to be as clear as possible in this Privacy Policy but if there is anything you do not understand or would like further information please contact us at privacy@choreograph.com, or you can exercise your rights through the Consumer Preference Portal.

In the European Economic Area (EEA) and Switzerland the Choreograph legal entity responsible for the data that Choreograph collects is Choreograph Limited. Outside of the EEA and Switzerland the responsible legal entity is Choreograph LLC. If you are an individual residing in the EEA or Switzerland you should be aware that our DPO can contacted at dpo@Choreograph.com.

If you have questions, comments or concerns about this policy you can reach us by email or mail at:

Europe:
Choreograph Limited
DPO@choreograph.com
Choreograph, Sea Containers, 18 Upper Ground, London, SE1 9PT– Attn: Data Protection Officer

Outside Europe:
Choreograph LLC
Privacy@choreograph.com
Choreograph, 3 World Trade Center, 175 Greenwich Street, New York, NY, 10007, USA – Attn: Director of Privacy

Changes to policy

Please note that because of the changing nature of privacy laws and regulations, digital technologies, and our business, we may modify this Privacy Policy from time to time. Please review this Privacy Policy periodically to become aware of any changes that may have occurred (we will update the effective date at the top of the page to help you know when changes have been made).