Privacy Center

Outbrain is committed to protecting your personal data. This Site Visitors Privacy Policy (“Site Visitors Privacy Policy”) details Outbrain’s use of personal data collected and processed when you (“Site Visitor”) visit www.outbrain.com (or any derivation/any of our other sites, such as Outbrain.co.uk; Outbrain.fr; outbrain.de; https://www.zemanta.com/; etc.) (our “Sites”).

For more information on how Outbrain uses your personal data when you interact with ads served on Outbrain’s publisher network, please see Outbrain’s Users Privacy Policy.

If you are a business partner of Outbrain (an advertiser or publisher client) and want to find out more information about how Outbrain uses personal data of its business partners, please see Outbrain’s Business Partner Privacy Policy.

Personal data is information that relates to you and may identify you as an individual. We use your personal data in line with all applicable laws. Citizens from “European Territories” mean the European Economic Area (EEA), the European Free Trade Area (EFTA) and Switzerland.

a) Who we are:

This Site Visitors Privacy Policy applies to Outbrain Inc., a corporation registered in Delaware (USA) whose main office is in New York, and its affiliated subsidiaries (collectively, “Outbrain,” or “we“, “us“, “our“). We operate in various offices around the world and we partner with publishers and marketers across the globe.

If you are in the UK, or in a European Territory, the controller of your data is Outbrain UK Limited.

b) What we do:

Outbrain’s mission is to serve interesting recommendations to you based on what we believe are your interests. To achieve our mission we enter into agreements with:

• online publishers and partners who want to recommend relevant content to their readers (this is Outbrain Engage); and
• advertisers who want readers to view their content (this is Outbrain Amplify).

For further information on our Amplify (advertiser) services see here and our Engage (publisher) services see here. For further information on our Zemanta services, please see here.

c) How to contact us:

We regularly review our compliance with this Site Visitor Privacy Policy. Questions, comments and requests regarding this Site Visitors Privacy Policy are welcomed and should be addressed in the first instance to [email protected].

If Outbrain does not satisfactorily answer your questions or concerns, you may also contact the following for advice, support or complaints:

• Outbrain’s Data Protection Officer (“DPO”) at [email protected]; 
• the Information Commissioner’s Office, which is Outbrain’s supervisory authority in the UK; and/or
• Slovenia SA which is Outbrain’s lead supervisory authority within the European Territories.

• We adhere to the Self-Regulatory Principles set forth by the Digital Advertising Alliance (DAA) and the European Interactive Digital Advertising Alliance (EDAA);
• We are members in good standing of the Network Advertising Initiative (NAI), an association dedicated to responsible data collection and its use for digital advertising. We also adhere to the NAI Code of Conduct. Outbrain also adheres to the Interactive Advertising Bureau’s (IAB) Self-Regulatory Principles for Online Behavioral Advertising, and the IAB Europe TCF vendor ID; and
• We are also TAG Brand Safety Certified here.

a) We may process your personal information for the following purposes: 

• to understand what services on our Sites interest you;
• to improve the user experience and to ensure that content is presented in the most effective manner for you and for your device;
• to remind you about the services we offer when you are not on our Sites (for example, provide you with the information, products and services you have requested and send you our marketing and advertising materials);
• for system administration purposes and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to notify you of any changes to our services; and
• to comply with applicable laws and regulations.

b) In order to do this, we collect and process your personal data when you:

• visit our Sites (including when you sign up to receive information from us);
• when you sign up to receive more information about our services (including newsletters);
• contact our customer service centers or request information from us in any other way; or
• communicate with us via social networking websites, third party apps or similar technologies.

c) We collect and process the following personal data: 

• contact details (such as your name and email address);
• your marketing preferences;
• IP address; 
• user agent data: device type (e.g., iPhone), browser type (e.g., Chrome), operating system (e.g., iOS); 
• the pages visited on our Sites (e.g., the Outbrain “About” page); 
• the time of visit (and corresponding time zone); and 
• referring URLs and other information normally transmitted in HTTP requests (e.g. information telling us how you arrived on our Sites). 

d) Legal basis for processing

We will only process your personal information where we have a legal basis to do so. The legal basis will depend on the purposes for which we have collected and use your personal information. In almost every case the legal basis will be one of the following: 

• Consent: In the EEA and UK, where you have provided your consent to receive certain marketing from us. You can withdraw your consent at any time, including by clicking on the “unsubscribe” link at the bottom of any marketing email we send you or opting out via the consent management platform accessible to EEA and UK site visitors on the outbrain.com site(s) or via the link in the “Business Partners” and “Site Visitors” section of our Cookie Policy.
• Our legitimate business interests: Where it is necessary for us to understand our customers, promote our services and operate effectively, provided in each case that this is done in a legitimate way which does not unduly affect your privacy and other rights. 
• Compliance with law: Where we are subject to a legal obligation and need to use your personal information in order to comply with that obligation.

Please see this Cookie Table, which is updated from time to time, under the section “Site Visitors”, for a detailed list of first and third party cookies (and their corresponding retention periods) that may be used when you visit our Sites.

Our Terms of Use govern your use of our Sites and apply to you when you interact with our Sites. You can stop using our Sites at any time. If you do, you may also want to remove any cookies that we have placed on any device used to access our Sites and you can do this via your browser. If during your use of our Sites you provided your email address, any email you receive from Outbrain includes an “unsubscribe” option. In addition, you may also opt-out of direct marketing by emailing unsubscribe@outbrain.com.

For Site Visitors in the European Territory and/or the UK, Outbrain has implemented a consent management platform (powered by OneTrust) on our Sites that provides you with the opportunity to consent, or not consent, to cookies and similar tracking technologies. Upon accessing our Sites, you will see a banner in the centre of the page with information about the cookies we use. You may click the banner to reject any cookies (for example, performance cookies or targeting cookies) that are not strictly necessary cookies (as defined in the Cookie Table). By pressing “I Accept” on the banner you are indicating your acceptance to cookies and similar tracking technologies that require consent. Where you have provided your consent for the use of cookies, you may withdraw your consent at any time by navigating to the Cookie table page and clicking this button:  Cookies Settings. In respect of all other Site Visitors not located in European Territories/the UK, we rely on our legitimate interest for processing any personal data however, this does not preclude non-European Territory Site Visitors from withdrawing consent at any time via the Cookie Settings link in this paragraph.

If you are located in the European Territories/the UK, please see Section 8 below which outlines other rights that you may exercise.

a) Security

Outbrain has a dedicated security team. We maintain security controls over the personal data we collect. Please see our security standards for more information.

Please remember that, unfortunately, the transmission of information via the internet is never completely secure. A common Internet scam is known as “spoofing” or “phishing.” This occurs when you receive an email from what appears to be a legitimate source requesting personal data from you. Please be aware that we will not send you any emails requesting you to verify credit card, bank information, or any other personal data. If you ever receive an email that appears to be from us requesting such information from you, do not respond to it, and do not click on any links appearing in the email. Instead, please forward the email to us at [email protected], as we will investigate instances of possible Internet fraud.

Our Sites contain links to other websites that we do not own or operate. We do not control, recommend or endorse the content, products, services, privacy policies or practices of these third party websites. For example, on our Sites you will notice clickable icons which take you to the Outbrain Facebook page or the Outbrain LinkedIn page. If you choose to click on these links, you should know that these sites are not owned or operated by Outbrain and therefore these third party websites may send their own cookies to your device and they may independently collect personal data. It is therefore important that you get familiar with the privacy policies of these third party websites.

b) Sharing

i. Sharing information we learn about you when you visit our Sites

We do not sell and/or share personal data about you with third parties for third party marketing or advertising purposes. We may use various third parties (each listed on the Cookie Table) to help us market or advertise to you. We require that these third parties and companies agree to comply with all applicable data protection laws, keep all information shared with them confidential and to use the information only to perform their obligations to us. We do this by entering into agreements with all third parties who process personal data. If you post on our blog, your comment and information will be publicly available. Please contact [email protected] to remove your comment.

ii. Other

In addition, we may also disclose personal data as follows:

• within the family of companies controlled by Outbrain for internal reasons, primarily for business and operational purposes;
• if we go through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of our assets, your personal data will likely be among the assets transferred;
• when legally required to do so (e.g., to cooperate with law enforcement investigations or other legal proceedings); and/or
• to respond to a genuine emergency.

We may also combine your personal data with that of other users in order to share trend information and aggregate user statistics with third parties, always in aggregated and anonymized form.

c) Data Retention

The retention period for each of the cookies Outbrain uses (whether our own or on our behalf by third parties) is stated in the Cookie Table. 

We may keep your personal data for a maximum of 13 months. When we no longer need personal data, we securely delete/destroy it or anonymise it. Aggregated data, which cannot identify a device/browser (or individual) and is used for purposes of reporting and analysis, is maintained for as long as commercially necessary.

a) Children

None of our services are intentionally directed at children under 16. We do not knowingly collect personal data from anyone under 16 years of age. If we become aware that we have unknowingly collected personal data from a child under the age of 16, we will make reasonable efforts to delete such information from our records.

b) Sensitive data

We do not collect or receive any sensitive categories of personal data when you visit our Sites.

a) Your rights

In compliance with certain privacy laws, in particular the European General Data Protection Regulation (GDPR) and the UK GDPR, you have certain rights in relation to your personal information. More specifically and under certain circumstances:

• the right to request information about whether and which personal data is processed by us, and the right to request that such personal data is rectified or amended;
• the right to request that your personal data be deleted;
• the right to request that the processing of your personal data be restricted or object to the processing on grounds relating to his or her particular situation, or at any time for direct marketing purposes;
• withdraw your consent to the processing and use of your data completely or partially at any time with future application;
• have the right to obtain your personal data in a common, structured and mechanically readable format, and to transmit those data to another controller;
• contact our data protection officer if there are any questions, comments, complaints or requests in connection with our statement on data protection and the processing of your personal data; and
• the right to complain to the responsible supervisory authority if believed that the processing of your personal data is in violation of the legislation.

We will handle any request to exercise your rights in accordance with applicable law and any relevant legal exemptions. If you wish to exercise any of these rights or have any questions, please email p[email protected].

b) Data transfers outside the European Territories/UK to non-US territories 

Our data centres are located in the United States, the Netherlands and Singapore. We  transfer Personal Data from the European Economic Area (EEA) and/or UK to our data centres in the United States. When we transfer Personal Data, we will ensure such transfers are in compliance with relevant data protection laws, including, if applicable, EU/UK Standard Contractual Clauses, or a European Commission/UK Government positive adequacy decision.  

In other words, your rights and protections remain with your data and we use approved contractual clauses and other measures designed to ensure that the recipients of your Personal Data protect it. Outbrain has in place the Standard Contractual Clauses between Outbrain entities to govern the transfer of data outside of the EEA/UK. To obtain more information as to the safeguards that we implement in this respect or to obtain a copy of them, please email p[email protected].

For more detail on transfers to the United States, please see below.

c) Data transfers outside the European Territories/UK to US territories – EU-US Data Protection Framework (DPF) Participation

i. EU-US Data Protection Framework (DPF) Participation

Outbrain Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Outbrain has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Outbrain has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the EU-U.S. DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

ii. Complaint and Dispute Resolution Procedure under the DPF 

Outbrain’s internal complaints mechanism

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Outbrain commits to resolve EU-U.S. DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Outbrain at: [email protected]

You may have the right to lodge a complaint with the data protection authority of your country of residence. If you live in the UK, you can make a complaint with the Information Commissioner’s Office (ICO) at this address. If you live in the EU, you can find the relevant data protection authority here. To submit a complaint to the FTC, click here.

Independent Recourse Mechanism

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Outbrain commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. The Federal Trade Commission has jurisdiction over Outbrain’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Arbitration

You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country (including Switzerland) participating in the DPF must first:

1. contact us and afford us the opportunity to resolve the issue;
2. seek assistance from JAMS (an independent recourse mechanism); and
3. contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue.

If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the DPF, the arbitrator(s) may only impose individual- specific, non-monetary, equitable relief necessary to remedy any violation of the DPF Principles with respect to the resident. The arbitration option may not be invoked if the individual’s same claimed violation of the Principles has previously been subject to binding arbitration; was the subject of a final judgement entered in a court action to which the individual was a party; or was previously settled by the parties. For more details, please click here.

iii. OUTBRAIN’S LIABILITY IN CASES OF ONWARD TRANSFERS TO THIRD PARTIES

In the context of an onward transfer, Outbrain has responsibility for the processing of Personal Data it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf. Outbrain remains liable under the DPF Principles if its agent processes such Personal Data in a manner inconsistent with the DPF Principles, unless Outbrain proves that it is not responsible for the event giving rise to the damage.

This United States Consumer Privacy Notice (“State Notice”) supplements the Outbrain Privacy Policy and provides additional information for residents of certain states with comprehensive privacy laws, such as California. This State Notice applies to Personal Data we collect, use and disclose from those applicable U.S. state residents. 

a) Your State privacy rights

As a resident of certain U.S. states, you may have the right to submit certain requests relating to your Personal Data, as listed below, depending on your state of residency, such as California. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

• Right to Know. If you are a California resident, you  have the right to know what Personal Data we have collected about you, which includes:
  • The categories of Personal Data that we have collected about you.
  • The categories of sources from which the Personal Data was collected.
  • The business or commercial purpose for collecting, selling, sharing or disclosing the Personal Data.
  • The categories of Personal Data that we sold or shared, and for each category identified, the categories of third parties to which we sold or shared that Personal Data.
  • The categories of Personal Data that we disclosed for a business purpose, and the categories of recipients to which we disclosed that Personal Data.
  • The specific pieces of Personal Data we have collected about you.
• Right to Access, Confirm and Data Portability. You may have the right to confirm whether we are processing your Personal Data, to access your Personal Data, and to obtain a copy of Personal Data you provided to us in a portable format.
• Right to Delete. You may have the right to delete the Personal Data that we have collected from you, subject to certain exceptions.
• Right to Correct. You may have the right to request that we correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and our purposes for processing it.
• Right to Opt Out of Sales and Sharing of Personal Data for Targeted Advertising.  You may have the right to opt out of the sale of your Personal Data, and to request that we do not share your Personal Data for targeted or cross-context behavioral advertising.
• Right to Withdraw Consent or Limit Use and Disclosure of Sensitive Personal Data. If we process Sensitive Personal Data from you, you may have the right to withdraw a previously provided consent for processing your Sensitive Personal Data for a specific purpose. For California residents, we do not use or disclose Sensitive Personal Data for purposes to which the right to limit use and disclosure applies.
• Right to Know Third Party Disclosures. You may have the right to request a list of third parties to which we have disclosed Personal Data. 
• Rights Related to Automated Decision-Making or Profiling. We do not use your information for profiling in furtherance of decisions that produce legal or similarly significant effects or for the purposes of automated decision-making as defined under currently applicable law.
• Right to Appeal.  Sometimes we are unable to process requests relating to your Personal Data, in which case, your request will be denied. If you have previously submitted a privacy rights request to us that has been denied and you believe that we denied it in error, you may have the right to appeal for reconsideration of your request by emailing us at [email protected] or by calling us toll free on 1-866-I-OPT-OUT and entering service code 253# to leave us a message.
• Non discrimination. You are entitled to exercise the rights described above free from discrimination.

b) How to exercise your rights

You may exercise your privacy rights described above as follows:

• By calling us toll free on 1-866-I-OPT-OUT and entering service code 253# to leave us a message.
• By emailing [email protected]

c) Right to opt-out of the “sale” or “sharing” for targeted advertising of your Personal Data

We do not sell your Personal Data in the conventional sense (i.e., for money). However, like many companies, we use services that help deliver interest-based ads to you. To opt-out from this “sale” or “share” for targeted advertising, click on this link which will take you to our Interest Profile where you can opt out of personalised recommendations. If you choose to use the Global Privacy Control (GPC) browser signal, you will only be opted out of online sales or sharing of Personal Data, and will need to turn it on for each browser you use.

We will need to confirm your identity and state of residency to process your requests. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. Depending on your state of residency, you may be able to designate an authorized agent to make a request on your behalf; however, you may still need to verify your identity with us before your request can be processed. An authorized agent may submit a request on your behalf using the methods listed above.

Please note that if you make a privacy rights request, we will retain the Personal Data submitted in connection with your request for recordkeeping purposes.

Some browsers transmit Do Not Track (DNT) signals to websites. Because there is no common understanding of how to interpret the DNT signal, Outbrain does not currently alter, change, or respond to DNT requests or signals from these browsers. We will continue to monitor industry activity in this area and reassess our DNT practices as necessary. In the meantime, you can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving personalized recommendations (please see Outbrain’s Platform Privacy Policy).

We may change this Site Visitor Privacy Policy from time to time. 

a) Data Protection Officer (DPO)

To communicate with our Data Protection Officer, please email at [email protected] or use the contact details below. You may also contact your local data protection authority. A list of local data protection authorities is available here.

b) General questions

If you have any questions or concerns about your privacy you may contact us at:

Outbrain Inc.
111 West 19th Street 3rd Floor
New York, NY 10011, USA
Attn: Privacy questions

Email: [email protected] or [email protected]