Rokt Privacy Policy

For our GDPR page, click here.


View the Privacy Policy in: German | French | Dutch | Japanese

Updated May 28, 2019 (Access the Privacy Policy archive here)

As of May 28, 2019 the main changes to the Privacy Policy are as follows:

  • Clarified that Rokt employs a joint-use arrangement in the section under the heading “Further disclosure of your Personal Information.”

This Privacy Policy (“Privacy Policy“) explains how Rokt® entities (“Rokt“, “us“, “our“, and “we“), collect and use Personal Information (defined below) and sets out the basis on which Personal Information we collect from or about you will be processed by us. This document aims to provide a concise, transparent, intelligible and easily accessible information about how we process personal data – please read it.

This Privacy Policy applies to all users of Rokt experiences provided via rokt.com, other Rokt websites including Tomorro.com (“Rokt Owned Sites”), and Rokt technology that is integrated on third-party partner websites, app or mobile-device applications (“Partner Sites”) (collectively, “Rokt Sites“). This Privacy Policy does not apply where Rokt processes your Personal Information on behalf of any Partners to enable those Partners to serve their own Offers and not those of any other Brand. Please consult the privacy policies or notices of those Partners to understand how they use your Personal Information.

This Privacy Policy replaces and supersedes the last version of this Privacy Policy for all users. It should be read in conjunction with the Rokt Cookie Policy, set out further below.

Who is Rokt? What does Rokt do?

Rokt is the transaction marketing company. We provide services to Rokt Sites partners (“Partners”) that allow you to receive offers, contests, promotions, coupons, discounts, app download invitations, calendar subscription invitations, surveys/poll invitations and invitations to enter sweepstakes and interact with other marketing services (including during or after a transaction) (collectively, “Offers”) from third-party brands (“Brands”), displayed on Rokt Sites. You may choose to sign up to receive communications in respect of such Offers, including by email, phone or SMS, from Brands or Partners, and from Rokt.

What are the consequences of signing up to Offers, or not?

There is no obligation on you to sign up to Offers, at all. As a consequence of signing up to Offers, we may share your personal data with the party identified in the Offer, so that any Offers they have offered may be fulfilled by them, and so they may provide further information associated with such Offers, as further detailed below under ‘Use and Disclosure of your Personal Information’. Importantly, there are no negative consequences if you do not sign up to an Offer, nor are you prevented from accessing the services in future from that company – simply no further action will be taken in respect of that Offer.

Our commitment to Privacy

Rokt takes your privacy very seriously and is committed to protecting it, as well as securing the data entrusted to us by Partners, Brands and you. We understand that you will only use our service if you can trust us to protect your Personal Information and use it appropriately. For more information on how we secure your data, see ‘Information Security Safeguards’ below.

What is Personal Information?

“Personal Information” or “Personal Data” is information about you which (i) can be used to identify, contact or locate you; (ii) can be combined with other information that is linked you; or (iii) is defined as “personal data” or “personal information” by applicable laws or regulations relating to the collection, use, storage or disclosure of information about you. Personal information includes contact information (e.g. email address, telephone number), online information (e.g. IP addresses, device identifiers), and other data which can be used individually or in combination with other data to identify an individual (such as gender, marital status, age, postcode).

Types of Personal Information that we collect, when, why and from whom (our basis for processing)

We collect and process a number of categories of Personal Information, on the basis of the legitimate interests of Rokt, its Partners and Brands:

  • Personal Information you give us when you engage with, or sign up to, Offers across Rokt Sites;
  • Personal Information you provide to us through our various customer contact channels;
  • Personal Information about you provided to us by Brands and Partners (as part of our services to them), such as your identifying details (such as email address, gender, age/DOB, postcode, title, phone number), transaction details or conversion data (such as what you purchased, when and via what method);
  • Usage data about your interaction with Offers, or any communications sent on behalf of Rokt, Brands or Partners, including:
    • information relating to your Offer interaction, such as Offer click-through rates and viewing data;
    • device information and website analytics information retrieved from your device/web browser, such as device profile, IP address, browser type/version, language preferences, access times, referring website address, your general geographic area based on your IP address;
  • Information we obtain using cookies, eTags/ cache browsers, pixels, web beacons/ GIFs, local storage, or other identifiers or other tracking technologies on Rokt Sites and in e-mails we send you, that tell us the pages you view, the links you click, whether an e-mail has been opened, transaction information and other actions relating to our services and technology;
  • Information about you that we may obtain from third-party sources and platforms (including data validation services, authentication service providers (including for calendaring services), data enrichment providers, social networking sites, online marketing and segmentation providers and ad-targeting companies) to supplement the information we collect from Partners and Brands and directly from You. For example, when you sign up to a sweepstakes competition or drawing Offer using your email address, we verify with a validation service that the email address is real, in order to ensure valid registration information and prevent fraudulent signups. In other cases, we may use age verification providers in order to ensure that offers are appropriate for a particular individual above or below the age of majority, or the age of digital consent.

In some circumstances where we process your Personal Information on the basis of our legitimate interests and those of our Partners and Brands, separate consent may be required by law for us to operate our technology (for example, in the case of cookies or other tracking technology that we use to access end user devices or technology that identifies your location or geographic position). Your consent may be obtained by us or on our behalf by our Partners and Brands.

The legitimate business interests referred to above, which have been balanced against the rights and freedoms of data subjects and their reasonable expectations, include:

  • (i) the provision and use of website preference management software and analytics services ensuring customers have the best possible website experience by ensuring that content is relevant, engaging and personalized for each user viewing content on Rokt Sites (e.g. “if you just bought this product, you might like…”) or accords with the Partner’s specified user journey or journey parameters;
  • (ii) the provision and use of website Brand management tools to promote brand safety for website users and owners; (iii) ensuring website safety by ensuring Offers presented to users are age-appropriate and shown only to their intended audience (e.g. not to children);
  • (iv) the provision and use of website analytics and conversion tracking tools to assess the transaction attributes to optimize future marketing campaigns and future marketing strategy;
  • (v) the provision of customer and email management software services allowing customers to effectively subscribe or unsubscribe to Offers that may be of interest or value to them;
  • (vi) allowing website owners to recoup the actual cost of providing website services to users;
  • (vii) validating users to verify the accuracy of customer data and to reduce fraudulent signups;
  • (viii) creating and retaining evidential records to validate the provision of consent to direct marketing;
  • (ix) using limited data sets for suppression purposes to prevent further unwanted processing for users who have either (a) objected to direct marketing or (b) have exercised their right to erasure (in respect of Personal Information provided by them), if applicable.

Note you have a right to object processing on the above basis – see below under ‘Your rights in relation to your Personal Information’. Note in order to offer you a more consistent and personalized experience in your interactions with Rokt, information collected through one Rokt Service may also be combined with information obtained through other Rokt Services.

Use and Disclosure of your Personal Information

Rokt’s technology allows us to display Offers from Partners and Brands on Rokt Sites, and allows you to sign up to receive communications in respect of such Offers. The following subsections detail how your Personal Information is used by Rokt (i.e. for what purpose), as well as the basis on which we disclose information to Partners and Brands and other third-party processors.

(i) Use of Personal Information by Rokt

We use your Personal Information for purposes including:

  • providing, maintaining, protecting, and improving our technology, products and services,
  • monitoring the effectiveness of our services;
  • selecting, displaying and providing to you Offers that are targeted and customized and personalized to your interests, attributes, preferences and experiences;
  • predicting what Offers are relevant and engaging to people like you based on your known characteristics;
  • disclosing the information to Partners and, if applicable, Brands – as set out in the sub-section (iii) below;
  • making our services easier to use by eliminating the need for you to repeatedly enter your information;
  • Offer targeting and suppression purposes, including display retargeting;
  • sending you confirmation messages, further details messages and follow-up reminders for Offers that you have signed up to, via the applicable or appropriate medium including email, SMS, or communicating with you at the telephone number provided or confirmed (which may include using an automatic telephone dialing system or pre-recorded message), on our own behalf and on behalf of Partners and Brands;
  • where you have signed up on rokt.com or Tomorro.com, or verbally confirmed with our staff, sending you marketing and promotional materials you have elected to receive;
  • administering Rokt-sponsored sweepstakes, competitions or drawings you enter – including contacting you if you win, displaying your details online, publishing your name in relevant newspapers or disclosing details of winners to relevant authorities, if required by law;
  • maintaining appropriate legal or business records;
  • enabling us to conduct customer research and develop new services;
  • validating the information you provide to us;
  • to protect our rights, property or safety, our users and employees, or any third-party (incl. Brands or Partners); and
  • complying with applicable laws and regulations.

We may state a more specific additional purpose when we collect your Personal Information.

(ii) Disclosure of Your Personal Information to Brands or Partners

Our use of your Personal Information also includes Rokt:

  • Disclosing your Personal Information (including information you give us and Offer-related information to the Partner) when you engage with Offers while on the Partner’s site, including by swiping or clicking on Offers;
  • Disclosing your Personal Information (including email address and segmentation data (e.g. gender, age/DOB, postcode, title, phone number and third-party provided data), even where this information is not directly displayed on screen), to named Brands if you indicate that you wish to accept their Offers (including by swiping or clicking). For example:
Where you sign up to
an Offer that involves:
We may share the following Personal Information:
Receiving information from a Brand via email or otherwise joining their CRMYour email and name, gender, state, country, zip code or other location details, age or date of birth, and your device, browser information and transaction information where relevant to the Offer you have accepted (like date or location of an event)
Receiving a call from a BrandYour phone number, email and name, gender, state, zip code or other location details, age or date of birth, and your device, browser information and transaction information where relevant to the Offer you have accepted (like date or location of an event)
Visiting a Brand’s siteYour email and name, gender, state, country, zip code or other location details, or age but only to prepopulate an online form for your convenience
Signing up to a calendaring invitation or downloading an appPseudonymized details about You like hashed email for tracking, attribution and custom audience purposes
Other Offer typesInformation consistent with the nature of the Offer being provided, similar in nature to the details set out above

Electronic Communications – Where a Partner or Brand has made an Offer, and you indicate that you wish to accept it (including by swiping and clicking), we disclose your Personal Information to the Partner or Brand (as applicable) so that any Offers they have offered may be fulfilled by them, and so they may provide further information associated with such Offers to you via the applicable or appropriate medium (including email, SMS, or communicating with you at the telephone number provided or confirmed (which may include using an automatic telephone dialing system or pre-recorded message)). That information is provided to such party for the purpose of fulfilling the Offer, or other purpose explicitly disclosed at the time of collection, and your information will be handled by that party in accordance with its own privacy policy.

Note we do not sell, rent, share or trade your Personal Information to Brands for marketing purposes unless you have granted us permission to do so.

(iii) Further disclosure of your Personal Information

We may additionally disclose your Personal Information as follows:

  • to third-party agents and processors, such as our technology vendors, CRM and data management platforms, data transmission companies, email service providers, data validation service providers, authentication service providers, data enrichment providers, online marketing and segmentation providers; and ad-targeting companies, as applicable, predominantly located in the USA, for third-party processing;
  • to Brands or Partners if you have entered a contest or promotion sponsored by Rokt via their site;
  • under a joint-use arrangement, to any member of the Rokt group, meaning subsidiaries of parent company Rokt Pte Ltd( including their respective directors, employees and personnel);
    • the items of personal data that may be disclosed under such a joint-use arrangement include all of the types of data discussed above under the heading “Types of Personal Information that we collect, when, why and from whom (our basis for processing).”
    • the scope of parties included in this joint-use arrangement are the members of the Rokt group as listed here: https://www.rokt.com/about-us/#offices
    • the purpose of use by the parties included in this joint-use arrangement is to achieve the purposes described above under the heading “Use and Disclosure of your Personal Information.”
    • Rokt’s Data Protection Officer supervises the joint-use arrangement and can be contacted via dpo@rokt.com.
  • as required by any law, subpoena, court order, or other enforceable legal process (including laws outside your country of residence);
  • as necessary to detect, prevent, or otherwise address fraud, security or technical issues;
  • as necessary for us to do in order to establish or exercise our legal rights or defend against legal claims; or
  • as part of or in anticipation of a business sale, merger, consolidation, investment, change in control, transfer of substantial corporate assets, reorganization, liquidation, or similar business transaction or corporate event.

and for such other purposes that are consistent with the way we have informed you that we will use your Personal Information in this Privacy Policy; and subject to appropriate confidentiality and security measures.

Disclosure of your Personal Information to recipients ‘overseas’

Rokt processes Personal Information in multiple countries, on high-security servers, possibly located outside the country in where you live, with our primary servers located in the USA. Before we disclose your personal information to an overseas recipient, we take steps as are necessary and reasonable in the circumstances to ensure that the overseas recipient does not breach privacy laws in relation to your Personal Information.

Where we disclose your personal information to Brands and other third-party processors, it is likely (although not assured) the Brand or third-party processor will be located in one of the markets in which we operate or have a presence – namely the United States, Australia, Singapore, Japan, the EU, the United Kingdom and New Zealand and any other countries in which operate as disclosed at https://www.rokt.com/about-us.

Rokt discloses Personal Information of individuals located in the European Economic Area with: (i) suppliers; (ii) other members of the Rokt group; and (iii) Brands and Partners located outside of the European Economic Area. Such transfers may be made: (a) to a third country or territory that is assessed by the European Commission as ensuring an adequate level of protection; (b) to recipients who have in place appropriate safeguards, such as standard contractual clauses that are approved by the European Commission or binding corporate rules that have been approved by a competent supervisory authority; or (c) where a transfer to a third country is occasional and necessary in relation to a contract between us or in your interest or for the establishment, exercise or defense of legal claims. In order to safeguard transfers of personal data for EU residents outside of the EU, Rokt discloses information concerning EU residents both (i) with suppliers and (ii) within the Rokt group, on the basis of EU-approved standard contractual clauses approved under Art 47 GDPR.

Information Security Safeguards

The security of your Personal Information is a priority for us, especially when your personal information is transferred ‘overseas’.

We take appropriate technical and organizational measures (including physical and electronic security) to safeguard Personal Information from loss, misuse, unauthorized access, modification or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Information. Specific measure that we use include:

  • restricting access to Personal Information where practicable;
  • using industry-standard encryption to protect data in transit and at rest;
  • building and maintaining a secure (private) network with no direct access between the internet and systems processing your data;
  • using pseudonymization techniques such as hashing email addresses or device IDs that we associate with you to reduce the risks when processing that data;
  • conducting regular scans and penetration tests of our applications and networks to identify (and address) any potential vulnerabilities;
  • demanding equivalent security and confidentiality measures from any third parties we do business with.

Data Retention

Rokt sets data retention periods in consultation with Partners and Brands in determining how long to retain the Personal Information about you supplied to us by them, subject to you exercising your lawful data subject rights, and further subject to any requirement for us to hold data for such period as may be required to establish, exercise or defend legal rights or ongoing legitimate business interests (e.g. to prove that you signed up to a particular Offer or electronic communication).

These periods vary by market in accordance with local laws. Please refer to the ‘User Rights’ section below for more information about how you can exercise your rights.

In respect of other categories of Personal Information and Personal Information collected on Rokt Owned Sites, if Rokt has no ongoing legitimate business need to process your Personal Information, we will take all reasonable steps to destroy the information and/or ensure that the information is de-identified or anonymized or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

Rokt is not responsible for how long Partners and Brands may retain your Personal Information. You should consult the privacy notices provided by Partners and Brands with whom you interact in order to determine how long they may retain your Personal Information.

How we use Tracking Technologies

Like many companies, when we display online Offers to you, we may use one or more persistent “Tracking Technologies” (such as cookies, entity tags (eTags), pixels, web beacons/ GIFs, local storage, or other identifiers on your device and browser settings) in order to recognize you and your device each time we display Offers to you. We also apply statistical probabilities to data sets, which attempt to recognize or make assumptions about, users and devices (e.g., that a user of multiple devices is the same user). Tracking Technologies may set or alter settings or configurations on your Device. We use both session and persistent tracking technologies.

We use these technologies for a number of purposes to enhance your online experience, such as for preference setting, offer selection, analytics, conversion attribution and fraud reduction. By rejecting Tracking Technologies, this does not mean that you will no longer see ads when you visit Rokt Sites. Further information on our use of Tracking Technologies, and how you can exercise your rights not to accept the use of Tracking Technologies, is set out in our ‘Cookies’ Policy.

What this Privacy Policy does not cover

Where Rokt provides information to a third-party (such as a Brand or Partner) (for example in relation to an Offer), you acknowledge that your Personal Information will be handled by that third-party in accordance with its own privacy policy and not in accordance with the Rokt privacy policy. You should consult our Brand’s and Partner’s own privacy policies for further details on their use, disclosure, transmission or storage of your Personal Information.

This policy does not apply to the practices of organizations that Rokt does not own or control, or to people that Rokt does not employ or oversee even if offers, coupons or links to their websites appear within our technology.

As a marketing technology provider, Rokt does not endorse any specific Partner or Brand, nor does it take any responsibility for concluding or finalizing Offers on their behalf. Rokt gives you the opportunity to elect to receive information about Offers that you determine are of interest to you – without taking any of your specific personal circumstances into account.

Your rights in relation to your Personal Information

Subject to applicable law, you may have a number of rights regarding the processing of your Personal Information, including:

  • the right to request access to, or copies of, your Personal Information that we process or control, together with information regarding the nature, processing and disclosure of that Personal Information;
  • the right to request rectification of any inaccuracies in your Personal Information that we process or control;
  • the right to request, on legitimate grounds:
    • deletion of your Personal Information that we process or control; or
    • restriction of processing of your Personal Information that we process or control;
    • the right to object, on legitimate grounds, to the processing of your Personal Information by us or on our behalf;
  • the right to request, available information on the source of the personal data where it is not from you;
  • where we rely on your consent to use your Personal Information (e.g. for the sending of direct marketing by electronic mail), the right to withdraw that consent – see below under ‘How do I withdraw consent/ unsubscribe?’
  • where we process your Personal Information on the basis of your legitimate interests the right to object to the processing of your personal information – see below under ‘How do I Opt Out?’
  • the right to file a complaint with a Data Protection Authority regarding the processing of your Personal Information by us or on our behalf.

Other users may have similar rights granted to them under local laws. In such case we will act in accordance with those laws.

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Privacy Policy, or about our processing of your Personal Information, please use the contact methods described below.

Note as a security measure, to ensure that we properly identify you, such requests will only be actioned in respect of, and confirmed by way of reply email to, the specific email address from which the request was made. Note we will refuse requests made in respect of email addresses which a user cannot access. User requests will be answered as soon as possible but not later than one month after they are made or such other time that may be required under applicable privacy laws.

How do I withdraw consent / unsubscribe?

Withdrawing consent from Rokt for direct marketing communications / unsubscribing

Where you have given your consent for specific purposes, such as sending direct marketing by electronic mail, Rokt provides a facility for you to withdraw such consent for Rokt to process the Personal Information for that purpose. Note there are no adverse consequences for withdrawing your consent.

To unsubscribe from:

  • any specific electronic correspondence from Rokt by using the ‘unsubscribe’ link contained in emails we send you or replying “STOP” to any SMS message you receive;
  • all future email correspondence from Rokt, please send an email to privacy@rokt.com with the subject “Withdraw Consent” and we will unsubscribe you from all communications we send you.

Note: if you withdraw consent, we will keep a copy of your email address on file to record that you have withdrawn your consent, and we will retain any information not provided on the basis of consent, and any information to the extent necessary to establish, exercise or defend legal rights.

Withdrawing consent from Brands and Partners for direct marketing communications / unsubscribing

In order to withdraw consent from Brand and Partners, to exercise your data subject rights or to otherwise access, update or delete any of your Personal Information retained by them, you should contact them directly.

Where Brands and Partners have integrated with the Rokt unsubscribe mirroring service, where you request to unsubscribe from any further email correspondence from Rokt, you will be presented with the option to also unsubscribe from Brands and Partner communications at the same time. This may only be done by following the unsubscribe link contained in the emails we send you, and will be confirmed at the time of making the unsubscribe.

Otherwise, if you wish to unsubscribe from any further electronic correspondence from Brands or Partners, you should submit a request to those organizations directly using the unsubscribe facility provided by them, or otherwise as described in their communications to you, or as set out in their Privacy Policy.

Is Unsubscribing the same as Opting Out?

No. Unsubscribing/ withdrawing consent means we won’t send future electronic communications to you unless you sign up again to subsequent offers. However, if you want to avoid in future seeing any third-party Brand Offers on Rokt Sites, you should ‘Opt Out’. The next section deals with Opting Out.

How do I Opt Out?

Opting out from Brand Offers

Rokt provides a facility for you to opt out of seeing all future third-party Brand Offers on Rokt Sites (thereby avoiding any targeted third-party offers in future).

To request this please send an email to privacy@rokt.com with the subject “Opt Out”. Note we will keep a copy of your email address on file to retain a record that you have opted out. If you use another email with Rokt Partners, then you may need to Opt Out from multiple email addresses in order to ensure you don’t see any targeted third-party offers in future.

Even if you Opt Out you will still need to unsubscribe directly from any Partner or Brand’s mailing list if you want to stop receiving electronic communications from them.

Opting out from Partner Offers

Even if you Opt Out you will still see offers from Partners which are native to the Partner’s site. You cannot opt out from seeing first party Partner Offers.

Children’s Privacy

Rokt does not allow advertisements to be targeted at individuals under the age of 16.

Rokt does not knowingly collect Personal Information from or about children under the age of 13. If we learn that we have collected Personal Information on a child under the age of 13, we will delete that data from our systems.

Rokt encourages parents and guardians to monitor their children’s activities online.

Complaints

Rokt treats complaints relating to privacy very seriously. If you submit a concern or complaint, we will endeavor to deal with it comprehensively and reach an outcome with which all parties are satisfied. If you have any questions concerning any element of this privacy policy, or privacy complaints, please contact the privacy team at privacy@rokt.com

Changes to this Privacy Policy

Rokt may update this privacy policy at any time. If we do so, we will post any Privacy Policy changes on our website, which you can review at any time. You will also be presented with this Privacy Policy whenever you are shown Offers on Rokt Sites. Your continued use of such services after any change will signify and confirm your assent to changes to our Privacy Policy.

Whom to contact about this policy

Rokt’s Data Protection Officer can be contacted via dpo@rokt.com.

Rokt Pte Ltd is the parent company of the Rokt Group, with subsidiary companies operating in Australia, the United Kingdom, Japan, the Netherlands, Germany and the USA. For a list of our offices, and contact details, go to https://www.rokt.com/about-us/.

Rokt (UK) Ltd is designated as a representative within the European Union for all other members of the Rokt Group that are located outside of the European Union. Rokt (UK) Ltd shall be addressed in addition to other members of the Rokt Group by supervisory authorities and data subjects on all issues related to processing for the purposes of ensuring compliance with the General Data Protection Regulation (Regulation 2016/679).

Version: 28 May 2019