GROUPM PRIVACY NOTICE

GROUPM GLOBAL PRIVACY NOTICE

GROUPM.COM PRIVACY NOTICE

How and why we collect data and covering your choices.
(last update: Oct 25, 2021)
GroupM is a global media investment business and is the umbrella for a group of companies, including media planning and buying companies such as Mindshare, Wavemaker, and EssenceMediacom and technology providers including: [m]PLATFORM and Xaxis. GroupM’s portfolio also includes Choreograph; WPP’s global data products and technology company. For more details about these technologies and group companies, please refer to the below section of this notice which provides links to their own privacy notices.

GROUPM.COM PRIVACY NOTICE

September 2023

This Privacy Policy contains important information about how we use your personal information. We respect the privacy of individuals who interact with our business and where you choose to provide us with information about yourself, you trust us to act in a responsible manner with that information.

In this privacy policy, references “GroupM”, “us”, “we” or “our”, are all references to GroupM.

If you have any questions, comments or concerns about any aspect of this policy or how GroupM handles your information please email our privacy team at dpo@groupm.com.

What information do we collect?

We collect personal information from you in several ways; you may share information with us, or we may collect it using other means. In this section we explain the different ways we collect personal information from you and some ways in which that information will be used.

  • Requesting information from us and responding to your queries
    We process contact information such as name, email address, telephone number or postal address, preferences, and other declared personal information about you when you provide it to us. For example, when you fill out online forms, subscribing to our services, call, or text us, enquire about our products and services.

  • Interacting with us via Social Media Channels
    We process information relating to you when you interact with us through social media platforms such as Linkedin or Facebook.

  • Registering for and attending our events, seminars, or conferences
    If you choose to attend one our events, we will ask for your contact information to provide you with details of the event and manage your attendance. For in-person events, we may ask you to provide us with accessibility information, if appropriate.

  • Updating you on developments and initiatives
    We may process your contact information to keep you informed of updates and developments in our business.

  • Interacting with our website
    When you visit our website we may collect details of your website visit, including name, email, phone number, IP address (a unique identifier for your computer or other device), website URL and mobile device ID. Our website also uses cookies please see our cookie policy below for details.

  • Applying for a job at GroupM
    We process information provided by you in relation to submitting a job application to GroupM (this may include sensitive personal information for example ethnic origin). Please see our Recruitment Privacy Policy here for further information.

  • Visiting our offices
    We may collect information such as contact information (including name, email address, telephone number) and CCTV footage in respect to your visit to our office address.

  • Interacting with us as a client of GroupM
    When interacting with us as a client, we process information we may receive from you or from others in relation to our provision of services to our clients. Please see our Client Privacy Policy here for further information.

  • Interacting with us as a supplier or partner to GroupM
    We process information in relation to you as an individual if you provide services to us (or if you work for a company that provides services to us). Please see our Supplier Privacy Policy here for further information.

How do we use it?

We will use your personal information in the following ways. We are also required by law to state a “legal basis for processing”, i.e., to tell you on what grounds we are allowed to use your information, and this is also set out below:

How we will use your personal information Our legal basis for processing
To provide or respond to you, with information that you have requested, e.g., this could relate to a newsletter, bulletin, an invitation for an event, your interaction with us on social media Consent – we only use your personal information for this purpose if you have asked us to do so. You can withdraw your consent at any time.
To keep you updated with developments and initiatives at GroupM, its affiliates or partners Our legitimate interests – we use your information to provide you news and updates on GroupM, its affiliates or partners. You will always have the opportunity to opt-out in each correspondence.
To process your registration for and attendance at events, seminars, conferences, and meetings with GroupM its affiliates or partners Our legitimate interests – we use your information to book you on to the requested events and to send confirmation to you and the event organiser.
To respond to specific queries you may raise regarding GroupM, its affiliates and partners Consent – we only use your personal information for this purpose if you have asked us to do so. You can withdraw your consent at any time.
To provide you with better ways of accessing information from this website Consent – we only use your personal information for this purpose if you have consented for us to do so. You can withdraw your consent at any time.
To process and consider your job application. Our legitimate interests – we use your personal information to assess your job application, update you on its status and keep you informed of other opportunities, if you have asked us to, via the methods you have selected.
To manage your visit to the office Our legitimate interests or any other purposes required by law such as for example, compliance with fire protection regulations.

For how we use your information that is collected using cookies and similar technologies please see the “Cookies” section below.

Do we pass your information to third parties?

We may send your personal information to other group companies, affiliates and third parties to help us process your personal information for the purposes set out in this policy. Further details of our group companies can be found here.

We may disclose your personal information if we or any of our assets are the subject of a sale or similar corporate transaction. We will ensure that the third parties who receive your personal information are required to keep it confidential.

We may disclose personal information to third parties when we reasonably believe we are required by law, and in order to investigate, prevent, or take action regarding suspected or actual unlawful or otherwise prohibited activities, including, but not limited to, fraud.

Where do we send your information?

We are a global company and therefore we may transfer your personal information to countries around the world including the US and other countries outside of the UK and Europe. We will, where the country to which your data is transferred has not been found to provide an adequate level of protection, put in place appropriate safeguards (we use standard contractual clauses) to ensure your information is protected.

How long do we keep your information?

We only keep your personal information for as long as we need to, to be able to use it for the reasons given in this privacy policy, and for as long as we are required to keep it by law.

How do we protect your information?

We take appropriate technical and organisational measures to ensure that your personal information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used.

Children’s Privacy

This website is not intended or designed to attract children under the age of 16. We do not knowingly collect personal information from or about any person under the age of 16. If you are under 16 years old and wish to ask a question or use this site in any way which requires you to submit your personal information, please get your parent or guardian to do so on your behalf.

Your rights

You are entitled to ask:

  1. for a copy of the personal information we hold about you, and details about how we are processing your personal information;

  2. to have any inaccuracies in your personal information corrected;

  3. if we are processing your personal information by automated means and on the basis of your consent (see “How do we use it?”, above), for us to provide your personal information to you in a structured, commonly-used and machine-readable format. You can also ask us to provide your personal information directly to a third party in this format, and, if technically feasible, we will do so; and

  4. to have your personal information erased, or for our use of it to be restricted (for example, if your preferences change, or if you don’t want us to send you the information you have requested).

    Please contact us using the details set out below if you would like to exercise any of these rights.

    You also have the right to make a complaint to the supervisory authority if you’re not happy with how we’ve handled your personal information. In the UK, the supervisory authority is the Information Commissioner’s Office (http://www.ico.org.uk).

Changes to this privacy policy

We review this privacy policy on a regular basis to ensure that it is up-to-date with our use of your personal information, and compliant with applicable data protection laws.

We reserve the right, at our discretion, to revise this privacy policy at any time. The updated privacy policy will be posted on our website. You are encouraged to review this privacy policy from time to time.

Cookies

What are cookies?

We may use information obtained from cookies or similar technology. Cookies are text files containing small amounts of information which we download onto your computer or device when you visit our website. Therefore, when we refer to “you” in this section we mean your computer. We can recognise these cookies on subsequent visits and they allow us to remember you.

Cookies come in many forms. We have set out below the main types and categories of cookies that are used. This section refers to all types and categories of cookies and not just those we use on our website.

First and third-party cookies – whether a cookie is first-party or third-party refers to the domain placing the cookie. First-party cookies are those set by a website that is being visited by the user, the website displayed in the URL window e.g. www.groupm.com. Third-Party cookies are cookies that are set by a domain other than that of the website being visited by the user. If a user visits a website and another entity sets a cookie through that website this would be a third-party cookie.

Persistent cookies – these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.

Session cookie – these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.

What do we use cookies for?

Cookies fall into one or more of the categories set out below. This website uses cookies that fall into all the categories. Also we use data from targeting cookies placed on your computer by third parties when you have visited other websites.

  1. Strictly necessary cookies – These cookies enable services you have specifically asked for.

    These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies certain services you have asked for cannot be provided.

  2. Performance cookies – These cookies collect information on the pages visited.

    These cookies collect information about how users use a website, for instance which pages users go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. They are only used to improve how the website works.

  3. Functionality cookies – These cookies remember choices you make to improve your experience.

    These cookies allow the website to remember choices you make and provide enhanced, more personal features.

  4. Targeting cookies or advertising cookies – these cookies collect information about your browsing habits in order to make advertising relevant to you and your interests.

    These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisation such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.

If you want to delete any cookies that may already be on your computer or device, please refer to the instructions for your file management software to locate the file or directory that stores cookies. If you want to stop cookies being stored on your computer in future, please refer to your browser manufacturer’s instructions by clicking “Help” in your browser menu. Further information on cookies is available at allaboutcookies.org. By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our website.

How to contact us

If you wish to exercise any of your rights in relation to your personal information or if you have any queries about how we use your personal information, please let us know by contacting us at the following address: GroupM Sea Containers House, 18 Upper Ground, London SE1 9GL UK or by email at dpo@groupm.com.

Changes to this Privacy Notice

Changes to this Privacy Notice

In the European Economic Area (EEA) and Switzerland the GroupM legal entity responsible for the data that GroupM collects is GroupM UK Limited. Outside of the EEA and Switzerland the responsible legal entity is GroupM Worldwide, LLC. This notice outlines how and why GroupM (“GroupM”) collects and uses personal data specifically from visits to the groupm.com website (“Website”). It also explains your rights as someone who may provide personal data to GroupM through the Websites and how to exercise these rights. If you are an individual residing in the EEA or Switzerland you should be aware that our DPO can contacted at DPO@GroupM.com.

What information is collected and used by GroupM?

We collect information that enables us to identify your browser and device and tell us which pages within our Website you visit and on which pages you spend the most time. We do this by using the following:

Cookieis a small alphanumeric text file that we automatically assign to visitors to our website. It is stored in your browser and allows us to identify you.
Sometimes a cookie resides on your device for just the single time you’re visiting our Website; this is called a session cookie. Sometimes a cookie remains on your device until you delete it or it expires automatically; this is called a persistent cookie. Both types of cookies are used on our Website.
IP addressmeans Internet protocol address
Pixelis a line of code that sits within our webpages and which we use to record that you have visited a particular page within our website.

We use some, or all, of this information to improve your website experience by delivering content that you are likely to prefer on future visits. Our lawful basis for this type of processing is that we have a legitimate interest in understanding and improving your experience of our Website.

If you don’t agree to us using cookies and the above information, you may prevent their use through your browser settings or you may choose to opt out HERE. By choosing not to accept cookies, certain Website features may not work as we have intended.

Specific Cookie Types used by GroupM

Performance
Analytics
Tracking
This type of cookie provides aggregated information about where a user may go on the Website.
Google Analytics
(persistent)
GroupM uses Google Analytics to help us analyze how visitors use the Website. Among other things, Google Analytics uses cookies to collect information about the number of visits to the Website, the webpage that referred visitors to the Website, language, device, browser and operating system, the pages visitors view within the Website and other similar details. We do not share this information with third parties. When used this way the Google Analytics cookie is a persistent cookie, and will remain on your device until the cookie expires or you delete it. These cookies may appear as _utma, _utmb, _utmc, _utmz, _utmv, _utmt.
Google Analytics
(session)
This cookie may appear as has_js. We do not retain this data as it is deleted upon closing of your browser, and therefore we cannot share it with any third parties.
Social media
Social Sharing
These are cookies that help with the Website’s functionality. These are third party cookies, and they allow you to share comments, pages, bookmarks, and likes, and help to provide access to social networking tools easily
WidgetsSocial media widgets used on this Website include LinkedIn, Twitter, and YouTube. These social media widgets collect information about your visit to the Website and your use of the social platform services (for example, buttons or likes) on the Website. We do not share information with these social platforms, however please keep in mind the social networks collect the data of your site visit and interaction with the social widget directly

Collection and Use of Contact Information.

There are a few instances where we may collect your name and contact details (such as e-mail address, telephone number and postal address). But, we won’t collect this information without consent and never use it in online advertising placement. Examples where you might voluntarily provide your name and contact details include:

    • Responding to requests: we keep a record of information, including email address and other contact information, solely for responding to a user’s request. For example:
    • If you click on the “contact us” link and submit a question or comment, we will collect your name, e-mail address, and phone number to send you a reply.
    • If you voluntarily ask to be added to our newsletter list, we will collect your e-mail address to send you our email newsletter.

By entering your contact information as noted above you are consenting to GroupM using that information to contact you regarding your request. This consent is our legal basis for using the information in this way.

If at any time you decide to withdraw your consent and like would us to remove you from our marketing e-mails or newsletters, or to unsubscribe from our database, you can contact us using the details provided at the bottom of this Privacy Notice. You must include your name, e-mail address, and clear instructions regarding changes you are requesting. You may also unsubscribe from e-mail newsletters by clicking on the “unsubscribe” link found at the bottom of the e-mail.

GroupM is a data controller responsible for your personal data (as this term or similar term is defined by applicable law) when you visit our Website or provide us with contact information.

California

*This section only applies if you are a resident of California under the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws (together “California Laws”).

Pursuant to Section 1798.83 of the California Civil Code, residents of California can obtain certain information about the types of personal information that companies with whom they have an established business relationship have shared with third parties for direct marketing purposes during the preceding calendar year. To request a list of companies, if any, to which GroupM has provided personal information for its own marketing purposes, please email us at DPO@groupm.com . Please allow 30 days for a response.

CCPA Personal Information We Collect

The Website collects the following categories of personal information, and the Website has collected the following categories of personal information (i) from its consumers within the last twelve (12) months, (ii) for the following purposes and (iii) from the following sources. In addition, we may share personal information with the below-identified categories of third parties.

Except as otherwise expressly set forth herein, we will not collect additional categories of personal data or use the personal data we collect for materially different, unrelated, or incompatible purposes without providing you notice.

Category of Personal Information

Category of Personal Information ExamplesPurposes for Which Such Information Will be Used or Was Collected in the Preceding 12 MonthsCategories of Sources From Which Personal Information Will be Collected or Has Been Collected in the Preceding 12 Months
Personal IdentifiersName, postal address, online identifier, Internet Protocol address, email address.To respond to your requests, provide the requested service, market our services to you and provide information about eventsUser completing a web form on the Website(s), registering for one of our events or subscribing to the newsletter
Cookie ID/IP address/Browser/Device ID/Location dataSee “cookie” information above  
Internet or other similar network activityBrowsing history, search history, information on a consumer’s interaction with a website, application or advertisement 

As used in this CCPA section, “personal information” does not include:

    • Information that is lawfully made available from federal, state or local government records.
    • De-identified or aggregated information
    • Information excluded from the scope of the California Consumer Privacy Act of 2018 (“CCPA”),
      such as:
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
    • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Your Right to Know and Access Information

California consumers have the right to request that we disclose to them, for the 12-month period preceding the date of the request, (i) the categories of personal information we have collected about them, (ii) the categories of sources from which personal information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared personal information, and (v) the specific pieces of personal information we hold about them.

Your Right to Request Deletion

You have the right to request that we delete any personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records. However, we may retain information that has been de-identified or aggregated.

    • Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) in order to perform certain actions set forth under CCPA, such as detecting security incidents and protecting against illegal activity.
    • In any access or deletion request that you make pursuant to this notice, you should include your full name, e-mail address, and clear instructions regarding changes and/or information you are requesting in sufficient detail that allows us to properly understand, evaluate, and respond to your request. In addition, we ask that you please provide sufficient information to enable us to reasonably verify that you are the person (or an authorized representative of the person) regarding whom we collected the personal information. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
    • In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity (or, in the case of an authorized representative, authority to make the request) and confirm that the personal information relates to you. With respect to any requests to delete your data, once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception under applicable law applies. If we cannot comply (in whole or in part) with a request, the response we provide will also explain the reasons we cannot comply.
    • We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing.

If you use an authorized agent to exercise the right to opt-out, you must provide the authorized agent written permission to do so, and we may deny the request if the authorized agent does not submit proof that it has been authorized by you to act on your behalf.

Note – Subject to applicable law, opting out through this mechanism will not prevent your personal information from being shared with third parties for non-marketing purposes (for example, to process one of your transactions). Further, this opt out mechanism will not prevent the transfer of personal information in connection with a merger, acquisition, bankruptcy or other sale of all or a portion of our assets.

To exercise any of your rights herein, you can contact us using the contact information provided at the bottom of this Privacy Notice. Please remember that any disclosures we provide will only cover the 12-month period preceding our receipt of your request. We will not discriminate against you for exercising any of your rights hereunder!

Frequently Asked Questions

Does GroupM share any information with other vendors or partners? We may provide access to information we collect to our vendors and contractors (also known as third parties) who are performing services on our behalf to enable the uses of your information that we have described above. These vendors are not permitted to use this information for any other purpose. As noted above the Website uses social media widgets including, but not limited to, YouTube, Twitter, and LinkedIn so users can easily share information about their visits with “likes” or “shares.” Always review the privacy policy of social media sites as their data collection practices are separate from GroupM practices. Additionally, we must disclose information when we believe we’re legally obliged to, or in order to investigate, prevent, or take action regarding prohibited activities, such as incidents of hacking, misuse, or other prohibited activities.

Does GroupM transfer your Personal Data outside the European Union? If you provide us with personal data, we may transfer that personal data to our affiliates and subsidiaries or to other third parties, across borders, and from your country or jurisdiction to other countries or jurisdictions around the world to enable us to use that personal data as described above. Our standard practice is to use European Union model clauses for the transfer of data from the EEA & Switzerland to other non-EEA countries.

Use of this site by Children & Children’s data: We’re sensitive to children’s privacy. Our Website is not developed for or directed at children under age 13. We specifically request that children not provide information about themselves through our Website. If you believe your child has provided this kind of information and would like it deleted from our database, you can contact us at DPO@groupm.com . If we become aware we’ve collected information about a child under the age of 13, we’ll delete it.

Data retention and storage: We will keep your information that we collect on the Website for a reasonable period for the purposes set out above. We follow generally accepted online advertising industry standards to ensure that your personal data disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. These standards include undertaking necessary physical, electronic, and management activities required to protect data integrity, access, and use.

Information Security: Maintaining the privacy of our users’ information is very important to us which means we take care and pay special attention to our security measures to protect this information from data breaches. We follow industry standards to protect against the unauthorized access to, retention of, and disclosure of information. This includes physical, electronic, and management activities to protect information integrity, access, and use.

Linking to other websites/Third party sites: A link from our Website to another website does not imply our endorsement of affiliates or websites, and we do not control third party websites to which we link, nor assume responsibility for their content or privacy policies. Once you follow a link to another website, the GroupM Privacy Notice no longer applies. It’s important to always read the privacy policy of any website you are visiting.

Transfer of data upon change of control: In the event that another company acquires us, or all or substantially all of the assets of our business, through a consolidation, merger, asset purchase, or other transaction, we reserve the right to transfer all information (including any information you may have provided through the “contact us” page) that is in our possession or under our control to the acquiring party, and that information may be used by the acquiring party in its business.

Data Subject Rights of individuals in the EEA and Switzerland: You have the right to access, update, change, delete, restrict the use of, or obtain a copy of your Personal Data in an easily readable format. In certain circumstances, you may also request that GroupM transfer your Personal Data to a third party, and the right to object to its use for marketing purposes. If you wish to exercise any of these rights please contact our DPO at DPO@GroupM.com.

Where our processing of your personal data is based on your consent, you also have the right to withdraw this consent at any time by contacting our DPO at DPO@GroupM.com. Please note that your withdrawal of consent will not affect the lawfulness of our processing of your personal data prior to withdrawal of consent.

Changes to this Privacy Notice

Please note that because of the changing nature of privacy laws and regulations, digital technologies, and our business, we may modify this Privacy Notice from time to time. Please review this Privacy Notice periodically to become aware of any changes that may have occurred (we will update the effective date at the top of the page to help you know when changes have been made).

If you have any complaints or wish to contact us: Please use the details set out below depending on where you are located and we will do our best to address any complaints or worries you may have about how we collect and handle your Personal Data.

If for whatever reason you don’t feel like we have adequately addressed your concerns you can contact the Data Protection Authority in your jurisdiction and make a formal complaint.

Europe:

GroupM UK Limited

DPO@GroupM.com

GroupM, Sea Containers, 18 Upper Ground, London, SE1 9PT– Attn: Data Protection Officer

Outside Europe:

GroupM Worldwide LLC

Privacy@groupm.com

GroupM, 3 World Trade Center, 175 Greenwich Street, New York, NY, 10007, USA – Attn: Director of Privacy

X