Privacy Policy

Last update: June 11, 2024

Dentsu is a global media, creative and customer experience management group made up of several brands. We help our clients to improve how they advertise and market, whether by print, post, email or in the digital world. We believe that the responsible use of data supports business growth and builds strong relationships between brand and consumer. As a business, we are committed to respecting and protecting the privacy of all individuals we interact with. We are committed to being always transparent in our handling and processing of Personal Data in accordance with applicable privacy and data protection laws. 

Who is responsible for processing your Personal Data?

dentsu does business through its subsidiaries and affiliates worldwide. The privacy laws in some countries require a Controller (the legal entity (who defines the purposes for which the processing of personal information takes place and how that information is processed) to be selected.

Where this is relevant for the privacy laws in your country, the dentsu group company who acts as the Controller of your Personal Data, and who is responsible for processing your Personal Data will be the dentsu group company operating in your country or region unless dentsu International or another dentsu company identifies itself as the Controller for a specific interaction with you. The relevant dentsu group company is referred to as “our”, “us” and “we” in this notice.  

If you have any questions or are unsure about who your Controller is, please review the additional information provided for your market below or contact us DPO@dentsu.com and we will ensure your details reach the correct entity. 

What this privacy notice covers 

This privacy notice explains in detail the types of Personal Data we may collect about you when you interact with us through our websites, digital experiences, business relationship management, events, B2B marketing activities or where you visit our offices. By using our website or services and providing your Personal Data to us, you are allowing our collection, use and disclosure of your Personal Data for the purposes set forth in this privacy notice based on the lawful basis set out in this privacy notice.

  • If you are a dentsu employee or job applicant, please find our Employee Privacy Notice here;
  • If you are using one of our products, please consult our product specific privacy notices. These are likely to be different market to market.
  • If you are looking for information on cookies, please consult our Cookie Notice here.

"Personal Data" means any information about the personal or material circumstances of an identified or identifiable individual. Your Personal Data therefore includes all data related to you that enables identification, such as your name, your address, your telephone number or your e-mail address.

What's not included

This Privacy Notice does not cover:  

  • the advertising activities we carry out for our clients; 
  • information about our employees, contractors or potential employees;
  • Information about the cookies we use and the data they capture; 
  • Information collected through products we provide as part of our marketing, advertising or media activities (ie information we process as a data processor when undertaking any of our marketing, advertising or media activities on behalf of our clients). 

These are all covered in separate privacy notices, or cookie notices which can be found through the relevant site of the market they operate in.  

1. Personal Data we may collect 

We may process Personal Data you provide directly to us, Personal Data we collect through automated means, or Personal Data we obtain through other sources. You are not required to provide any Personal Data, however, if you choose not to do so, we may not be able to provide you with our products or services or respond to your requests. Generally speaking, we will collect Personal Data relating to you and/or your use of our services in the following ways:

 

(A)  Personal Data you provide to us:

·      Contact data

We collect contact details when you sign-up to receive email alerts, attend one of our events, visit our offices, work with us, download our content, subscribe to our newsletters or where you ask us to respond to a query you have. The Personal Data we collect may include your name, email address, phone number, job title, and workplace location.  

·      Marketing and communications data 

We collect Personal Data relating to your preferences regarding receiving marketing information from us and your communication preferences (where permitted under applicable privacy laws). 

·      Location Data

We may ask you where you are located as part of our marketing activities, or when you sign up to events or ask to attend meetings. This will not be tracked through your device at all and will only ever include what you have shared with us.

 

(B)  Personal Data we collect through automated means:

·      Personal Data relating to your use of our website(s)

We collect Personal Data about how you use our website(s). This includes Personal Data relating to the pages you visit on our website(s), the services or information you search for and the links and content you choose to access.  

·      Profiling data

We may use the Personal Data you provide through your use of our website(s)to provide you with relevant content and to inform our marketing strategy. This type of activity is sometimes known as “profiling” – using automated means to process your Personal Data to analyse or predict your personal preferences, interests or behaviours. You can object to profiling  (where entitled under applicable privacy laws).

·       Technical Personal Data 

We collect Personal Data about the device(s) you use to access our website(s) as well as other related information. You may find more information on the cookies we use and the purposes for which we use them on our separate Cookie Notice

 

(C)  Data we collect from other sources:

·      Data we collect from third parties

We may collect Personal Data about you from third parties. Such third parties may include analytics providers, affiliate partners and third-party platforms such as LinkedIn. We may also collect Personal Data where you register and/or attend an event which we host or are a named affiliate partner of. We do not buy Personal Data lists.

Note that we do not actively seek to collect information about children or minors, or anyone’s sensitive Personal Data. Please see more details below.

·      Children

We do not actively seek to collect the Personal Data of children or minors (as defined under the applicable law in your jurisdiction). If you have any concerns about your child’s privacy in relation to our services, or if you believe that your child may have entered Personal Data onto our website(s), please contact us at dpo@dentsu.com. We will delete such Personal Data from our records within a reasonable time.

·      Sensitive Personal Data 

We do not intentionally collect sensitive Personal Data as part of the processing activities carried out under this privacy notice.

2. How we use this Personal Data

Except where required by law, we use and process the Personal Data we collect about you for the following purposes: 

·       to generate leads;

·       to send you newsletters and information relating to our brands and services;

·       to manage our relationship with you;

·       to arrange and manage visits to our offices; 

·       to ensure our website(s) is kept relevant and useful;

·       to ensure our website(s) remain secure;

·       to respond to your enquiries and feedback; 

·       to respond to, and manage, data subject rights requests; 

·       to analyse and/or improve our services;

·       to verify your identity and Personal Data;

·       to maintain and update our records;

·       to protect and defend our legal rights / respond to complaints; and

·       to facilitate acquisitions and potential acquisitions of or by our business, including any related transitional and business integration activities. 

Under various data protection laws we are required to advise you on the legal basis for processing your personal data. In the table below we set out further information about the purposes for which we use your personal data and the legal basis we rely on for its use (where required under applicable privacy laws). Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

In APAC we usually rely on Consent as our lawful basis in accordance with local laws. Where this is the case, we will have explicitly asked you to consent, and you will have the ability to withdraw your consent at anytime. Where we rely on a lawful basis other than consent, it will be as listed below.

Processing Activity Types of data used Lawful basis (where applicable)
To arrange and run events: The process by which invitations are sent to, acceptances are received from and attendance at dentsu events, are managed. Contact data, data we collect from other parties, location data. Legitimate Interests 
To generate leads: We may use Personal Datacollected from visitors to and users of our website(s), attendees of events, or client contacts to locate potential leads.  Contact data, data we collect from other parties, Personal Data relating to your use of our website(s). Legitimate interests or consent (where you have expressly provided it)
To send you our newsletters and information relating to our brands and services: The distribution of dentsu's own commercial content to potential customers, leads and prospects, and anyone else who has subscribed to receiving such collateral. Contact data, data we collect from third parties, location data, marketing and communications data. Consent
To manage our relationship with you: The processing of basic contact details of clients and suppliers for the purpose of relationship, account and/or project management. Contact data, location data, marketing and communications data, technical Personal Data Contractual Necessity
To arrange and manage visits to our offices: the process of ensuring we keep an appropriate record of all visitors to the office, as well as possible accidents or incidents that may have occurred. Contact data, location data. Legitimate Interests
To ensure our website(s) are kept relevant and useful: We conduct statistical analysis on your usage of our website(s) e.g. to enable us to improve our website(s), offer new features and material. Personal data relating to your use of our website(s), Personal Data processed through automated means, technical Personal Data.
Legitimate interests (to study how clients use our service and engage with our content. To develop our service, to grow our business and to inform our marketing strategy) where permitted under applicable privacy laws.
To ensure our website(s) remain secure: This process protects against malicious web activity and blocks access to our website(s) that violate enterprise policy. Cloud and endpoint web filtering service. Personal data relating to your use of our website(s), technical Personal Data. Legitimate interests 
To respond to any enquiries or feedback that you send us: To update you with any changes to our terms and conditions/other policies All Personal Data we collect may be relevant. Legitimate Interests or Contractual Necessity 
To respond to, and manage, data subject rights requests: The process of responding to data subject rights requests such as data subject access requests, data erasure requests, requests to opt out from specific type of processing and other, as legally required under relevant data protection laws.  All Personal Data we collect may be relevant. Legal Obligation 
To analyse and improve our services: this processing enables us to utilise our interactions with you to ensure we continue to provide the best service possible. Personal data relating to your use of our website(s), email, name, phone, company name, job title. Legitimate Interests or consent where cookies are used
To maintain and update our records: we are required to keep up to date records to ensure we can operate efficiently and effectively as a business. Contact data, location data, marketing and communications data. Legitimate Interests or Legal Obligation 
To protect and defend our legal rights / respond to complaints: This process involves complaints submitted to dentsu by regulators and/or individuals whistleblowing regarding dentsu Personal Data protection and management practices.  All Personal Data we collect may be relevant. Legal Obligation or Legitimate Interests
To facilitate acquisitions and potential acquisitions of or by our business, including any related transitional and business integration activities.  All Personal Data we collect may be relevant. Legitimate Interests 
3. How long will we keep your Personal Data  

We will keep your Personal Data for as long as is necessary for the relevant service, in accordance with our legal obligations. After this time, your Personal Data will either be securely deleted or anonymised so that it can be used for analytical purposes. You may request further information about our retention periods via the contact details given in this privacy notice or request that we delete your data in accordance with your rights as set out below.

4. How we secure your Personal Data  

We maintain appropriate organisational and technological safeguards to help protect against unauthorised use, access to or accidental loss, alteration or destruction of personal data whether in physical or electronic form. We also seek to ensure our service providers and/or any approved external Third-parties who store or process personal data on our behalf do the same. The safeguards we use, depending on the circumstances, may include firewalls, penetration testing, vulnerability scans, encryption and restricted access to our IT systems.  

5. Information Sharing and Disclosure

Whenever we share Personal Data, access is controlled on a need-to-know basis, and is only provided where it is necessary to provide you with requested services or to allow us to perform any necessary or legitimate functions. 

We will only transfer your Personal Data outside the market in which you are located where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any Personal Data being processed and in compliance with applicable privacy and data protection laws. This may be through a contract we have in place with the importing company, or because we know that where the importing company is based has even stricter data protection laws than the one you are based in/ it was received in.

We take internal data protection very seriously. Our employees and the service companies commissioned by us have been contractually bound to treat personal data with appropriate confidentiality and to act in compliance with data protection regulations. 

 

Information shared with our third-party service providers

We use a number of third parties to perform business functions on our behalf, such as sending our newsletters and hosting our online services and customer relationship management. We will only disclose the information necessary to enable these third parties to perform their services. Our service providers are contracted to comply with our instructions. 

We might share information with third parties who help us with our marketing efforts, including social media platforms, advertising networks, and ad tech companies. For example, we may share email addresses or other contact information with social media platforms so they can serve our advertising to you on their platform. Personal data received by our partners may also be subject to their privacy policies and the tools they provide for you to manage how your Personal Data is used for advertising purposes.

 

Group company transfers

Dentsu International is a globally operating media group consisting of multiple companies. Therefore, we may from time to time disclose your Personal Data within our group of companies. 

Where we transfer Personal Data between our group companies, we have covered these transfers by entering into an Intra-Group Data Transfer Agreement. This provides us with a mechanism to transfer Personal Data around the globe where necessary.

We may also disclose personal information with any successor to all or part of our business. For example, if part of our business is sold, we may give our customer list as part of that transaction.

 

Information shared with other parties 

Where required or permitted by law, Personal Data may be provided to others, such as regulators and law enforcement agencies, for example in response to a court order or a subpoena, or in response to a law enforcement agency request, or where we believe it is necessary to investigate, prevent or act regarding illegal activities, and as otherwise required by law. 

We may also collect Personal Data from the parties described in this section.

You may request further information on the measures used for such transfers via the contact details given in this Privacy Notice.

6. Your rights 

Depending on the applicable privacy law of the market you are in, you may have several rights in relation to your Personal Data, including:

·       Objecting to our processing of your Personal Data. Where we rely on legitimate interest (or those of a third-party) and if you feel it impacts on your fundamental rights and freedoms, you can object to our processing. You also have a right to object where your Personal Data is used for direct marketing or profiling. You can object at any time, and we shall stop processing the data you have objected to, unless we can show legitimate grounds to continue. 

·       Accessing your Personal Data. We may be required to provide you with information we hold about you upon your request, including a description and copy of the Personal Data and why we are processing it, unless a lawful exception applies. We will require you to prove your identity before providing your Personal Data. 

·       Requesting the provision of your Personal Data to a third party. You may ask us to provide you or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. This right only applies to Personal Data you have provided to us; and if you have consented to our use or where we used the Personal Data to perform a contract with you. 

·       Requesting erasure (deletion) of your Personal Data.  You may ask us to delete your data where you think we no longer require it. Note, we may be required to retain certain Personal Data by law and/or for our own legitimate business purpose. But when we do so, we will inform you.

·       Requesting correction or updating of your Personal Data. This enables you to have any incomplete or inaccurate Personal Data we hold about you corrected. 

·       Requesting the restriction of our processing of your Personal Data. In some situations and only in some jurisdictions you can request a restriction to our processing. If you request this, we can continue to store your Personal Data but are restricted from processing it while the restriction is in place.

·       Withdrawing your consent. Where you have consented to our processing of your Personal Data, you can withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of what we have done with your Personal Data before you withdrew consent or affect our right to continue with our collection, use or disclosure of your Personal Data where such collection, use or disclosure of Personal Data is permitted under applicable laws without consent. If you receive marketing communications from us, you can withdraw your consent to marketing by hitting the unsubscribe button contained within the email.

·       Making a Complaint. We will do our best to resolve any complaint. However, if you feel we have not resolved your complaint, or if you wish to reach out to them directly, you can complain to your local data protection authority. For example, in the UK, the local data protection authority is the UK Information Commissioner's Office. If you have any questions about who your local authority is, please contact us and we can provide the relevant information.

·       Opting out of marketing. You may choose not to receive marketing communications from us. You can ask us to stop such messages at any time by clicking on the “unsubscribe” link at the bottom of the message.  Please note that even if you choose not to receive marketing communications from us, you still may receive non-marketing communications, such as responses to your inquiries or notices regarding your account or our relationship with you.

If you exercise the rights above, the request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide adequate information that we can reasonably verify that you are the person about whom we collected the personal information (including information that enables us to verify the identifying information we possibly maintain about you).

We will respond to requests within the required timeframes. If we need extra time to respond, we will let you know why, and how long we require, in writing. To protect your Personal Data, we will only honour requests if we have been able to verify your identity or authority to make the request and confirm the Personal Data relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any access or deletion. Verification will usually be performed by matching the identifying information provided by you to the personal information that we already have.

Note that if you are in a market where these rights do not exist, we reserve the right to deny your request.

7. Our responsibility for Personal Data collected through website links

This privacy notice is limited to the Personal Data collected by us. We do provide links within our website(s) to other websites, including social media websites such as Facebook, Twitter and LinkedIn, or links to the sites of other dentsu entities. If you follow these links, your use of these websites will be governed by their applicable user and privacy notices since their data practices fall outside the scope of this privacy notice. Further, we can have no responsibility for or control over the Personal Data collected by any third-party website and we cannot be responsible for the protection and privacy of any information which you may provide on such websites.

8. Updates

This privacy notice may be updated from time to time to reflect changes in law, best practice, changes in what we do, or changes in the way we treat Personal Data. The date of the most recent revision will appear at the top of this page. If you do not agree to the changes, please stop using our services and refrain from sharing your Personal Data with us. You should check this notice frequently for updates.

9. Contact us

If you have any questions about this privacy notice, our approach to privacy or you would like to exercise any of the rights mentioned in this privacy notice you can contact our Data Protection Officer in any of the following ways:

1.     Address: Data Protection Officer, Dentsu international, Regent’s Place, 10 Triton Street, Regent’s Place, London, NW1 3BF 

2.     Email: DPO@dentsu.com  

 3.     Or using the information of your local DPO included in the section below.

Note if your request relates to any Merkle data processing in the USA please go here.

Additional Information for certain markets

We provide additional information about our controllers and data protection officers (as applicable), the privacy, collection, and use of personal information data subjects of dentsu located in certain markets.

Australia

(a)   Transfers 

The dentsu entities and other parties with which we share Personal Data may be located in European Economic Area, United Kingdom, United States of America, India, Singapore, New Zealand, and other countries. While they will often be required to comply with obligations to protect that Personal Data, we will are not responsible for ensuring they comply with the specific requirements of your country’s privacy and data protection laws.

 

(b)   Data Subject Rights

Requesting correction or updating of your Personal Data. This enables you to have any incomplete or inaccurate Personal Data we hold about you corrected. In Australia, you have related rights, including asking us to tell third parties about the correction if we had disclosed the uncorrected Personal Data to them, or, if we decline to make a correction, to ask us to note your disagreement together with the data.

Belgium

Belgium (dentsu) 

Local Controller:  Dentsu Belgium BV. Boulevard du Souverain 24, 1170 Watermael-Boitsfort, Belgium

KBO 0766.997.311

Contact us: E-mail: dpo@dentsu.com 

Local data protection authority: Gegevensberschermingsautoriteit

 https://www.gegevensbeschermingsautoriteit.be/burger/startpagina

Brazil

(a) Your Brazil Rights

You have the following rights in relation to your personal data, including:

·       You may object to our processing of your personal data where we rely on legitimate interest (or those of a third-party) if you feel it impacts on your fundamental rights and freedoms. You also have a right to object where your personal data is used for direct marketing or profiling. You can object at any time and we shall stop processing the data you have objected to, unless we can show legitimate grounds to continue. 

·       You may request confirmation of the existence of the processing of your personal data by us. 

·       Access your personal data. We may be required to provide you with information we hold about you upon your request, including a description and copy of the personal data and why we are processing it, unless an lawful exception applies. We will require you to prove your identity before providing your personal data. 

·       Information about public and private entities with which the controller has shared data. We may also be required to provide you with information regarding the private or public entities that we may have shared your personal data, according with the conditions provided by this privacy notice. 

·       Request the provision of your personal data to a third party (portability). You may ask us to provide you or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. 

·       Request anonymization, blocking or erasure (deletion) of unnecessary or excessive personal data. Note, we may be required to retain certain personal data by law and/or for our own legitimate business purpose. But when we do so, we will inform you.

·       Request correction or updating of your personal data. This enables you to have any incomplete, inaccurate or out-of-date personal data we hold about you corrected. You may have related rights, including asking us to tell third parties about the correction if we had disclosed the uncorrected personal data to them.

·       Request the deletion of personal data processed with the consent of the data subject, except in the situations provided for in the Law.

·       Information about the possibility of denying consent and the consequences of such denial.

·       Revocation of your consent. Where you have consented to our processing of your personal data, you can withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of what we have done with your personal data before you withdrew consent or affect our right to continue with our collection, use or disclosure of your personal data where such collection, use or disclosure of personal data is permitted under applicable laws without consent.

·       Right to petition. We will do our best to resolve any complaint. However, if you feel we have not resolved your complaint, you can complain to your local data protection authority. If you have any questions about who your local authority is, please contact us and we can provide the relevant information.

·       Review of decisions taken by automatic means. You may request a review of data processing decisions taken solely by automatic means, if those decisions are able to affect your interests. 

If you exercise the rights above and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.  

If you would like to access more specific information related to the processing of your personal data if the Brazilian law applies, we recommend that you access our Brazilian Privacy Policy. 

If you would like to exercise any of the rights mentioned in this privacy notice you can contact our Data Protection Officer in any of the following ways:

Address: Data Protection Officer, Dentsu Brasil, 949 Brigadeiro Faria Lima Avenue. Pinheiros. 11º floor. São Paulo, SP. 05426-100. 

Email: brasil.dpo@dentsu.com

Denmark

Denmark (dentsu) 

Local Controller: Dentsu Danmark A/S 

Overgaden Neden Vandet 7, 1414 Copenhagen 

CVR: 58 22 78 11 

Contact us: E-mail: dpo@dentsu.com 

Local data protection authority: Datatilsynet 

You will find Datatilsynet’s contact information at www.datatilsynet.dk

 

Denmark (Merkle) 

Local Controller: Merkle Denmark A/S 

Meldahlsgade 5,5., 1613 Copenhagen CVR: 25 53 32 67

Contact us: E-mail: dpo@dentsu.com

Local data protection authority: Datatilsynet 

You will find Datatilsynet’s contact information at www.datatilsynet.dk

Germany

Der Verantwortliche im Sinne der DSGVO ist:

Carat Deutschland GmbH Speicherstraße 53 60327 Frankfurt am Main

Vetretungsberechtigte Geschäftsführer: Andrea Beninde, Jens Erichsen, Nina Brit Brando, Giulio Malegori

Amtsgericht Frankfurt am Main  HRB 117248 UST-IdNr. DE 813 252 362

Für Fragen zur Verarbeitung Ihrer personenbezogenen Daten durch uns oder zum Thema Datenschutz allgemein wenden Sie sich bitte an datenschutz_germany@dentsuaegis.com.

Impressum

Dentsu Germany GmbH
Speicherstrasse 53
D-60327 Frankfurt am Main
Tel: +49 (0)69 505026-100
Fax: +49 (0)69 505026-500


Authorized managing directors:
Karin Zimmermann, Georg Berzbach, Werner aus den Erlen, Walter Hassler, Giulio Malegori, Nathalie Schubert, Rosemary Alexander, Björn Osterndorff, Robin Jansen

District Court of Frankfurt am Main HRB 117289
VAT ID No. DE 815 235 688

Greece

Ι) EDEE/HACA, Hellenic Association of Communications Agencies. EDEE/HACA is the national trade body representing all communications disciplines in Greece: Advertising, Media, PR, Integrated Marketing Communications, Branding & Design. EDEE/HACA is a member of: European Association of Communications Agencies (EACA), International Communications Consultancy Organisation (ICCO), Federation of European Direct & Interactive Marketing (FEDMA), Integrated Marketing Communications Council Europe (IMCCE), (Website: http://www.edee.gr/).

ΙΙ) SEE (Advertising Self-Regulation Council). SEE is the independent national self-regulatory organization of the Greek advertising industry, officially established by law in 2003. Its main goal is the right implementation of the ethical rules of the Greek Code of Advertising and Communications Practices by the industry, to ensure that consumers are protected, and marketing communication maintains its credibility. SEE is a member of the: European Advertising Standards Alliance (EASA), International Council for Ad Self-Regulation (ICAS), Institute of Communication. SEE is fully and legally recognized by the Greek regulators as having the exclusive responsibility for upholding the provisions of the Greek Code of Advertising and Communications Practices and has won EASA’s Bronze Best Practice Award in 2019. SEE’s services include: 1. Receiving and acting on complaints regarding marketing communications, 2. Providing copy advice for unpublished advertising material, 3. Issuing sector/issue based Best Practice Recommendations, 4. Informing companies and consumers about the Advertising Code, 5. Providing training of SEE’s Committee members, 6. Offering educational seminars to companies wishing to learn more about the Code and good advertising practices, (Websitehttp://www.see.gr/). The purpose of the organization is both the suppressive and voluntary control of the content of all forms of commercial communication in order to ascertain consultatively, preventively or repressively compliance with the provisions of the ‘GREEK ADVERTISING – COMMUNICATION CODE’, always within the framework of the applicable Greek legislation. The organization is also responsible for the establishment and proper functioning of the crisis management committees. The Primary Committee (5 members) consists of representatives of EDEE and SDE (Hellenic Advertisers Association). The Secondary Committee (12 members) is complemented by representatives of the Μedia. 

III) Hellenic Data Protection Authority (DPA). The Hellenic Data Protection Authority is a constitutionally established independent public authority, which has as its mission the supervision of the application of the General Data Protection Regulation (GDPR), national laws 4624/2019 and 3471/2006, as well as other regulations concerning the protection of the individual from the processing of personal data. The Hellenic DPA is competent to handle complaints and investigate, if deemed necessary in cooperation with supervisory authorities of other EU member states, cases of alleged violations of data protection law. Data Subjects, especially if Greece is their habitual residence or place of work, or the place of the alleged infringement, shall fill in all required fields in the appropriate form depending on the case/subject-matter of the complaint and attach any documents directly linked to the complaint. Data subjects have the right to assign non-profit bodies or organizations or unions or associations that legally operate, have statutory goals of general interest and operate in the field of protection of rights and freedoms of data subjects with regard to data protection, to submit a complaint, to the Hellenic DPA, on their behalf. (Website: https://www.dpa.gr/en/individuals/complaint-to-the-hellenic-dpa/). 

Hungary

Dentsu is represented by dentsu Hungary Kft. in Hungary, contact details:

Address: 1027 Budapest, Kacsa u. 15-23.

Phone number: +36 1 411 2200

Email: privacy.hungary@dentsu.com

Israel

If you are an Israeli resident, by approving this privacy policy or by using the services on the website you provide consent to the processing of your personal data hereunder. 

We note that you are not legally required to provide such consent, but without it, we will not be able to provide the services offered.

Italy

Local Controller: Italy

Italian DPO: Avv. Lapo Curini Galletti  

email: lapo.curinigalletti@dentsu.com

Netherlands

Netherlands (dentsu)  

Local Controller: Dentsu Netherlands BV 

Moermanskkade 85, 1013BC Amsterdam, the Netherlands 

KvK 33202665 

Contact us: E-mail: dpo@dentsu.com  

Local data protection authority:  

Autoriteit Persoonsgegevens (AP) https://www.autoriteitpersoonsgegevens.nl/ 

Local data protection authority:  

Autoriteit Persoonsgegevens (AP) https://www.autoriteitpersoonsgegevens.nl/ 

New Zealand

(a)   Transfers

Some of our dentsu entities may be subject to privacy laws that do not provide the same level of protection as your local privacy laws. By providing Personal Data to us, you consent to the disclosure of your Personal Data to dentsu entities in such other jurisdictions.

Norway

Norway (dentsu) 

Local Controller: Dentsu Norge AS

Kristian Augusts gate 23, 0164 Oslo, Norway

Reg. No. 927 445 875

Contact us: E-mail: dpo@dentsu.com 

Local data protection authority: Datatilsynet

You will find Datatilsynet’s contact information at www.datatilsynet.no

Philippines

(a) Your Rights

As a supplement to the rights mentioned above, you have the following rights under the Data Privacy Act of 2012 and its implementing rules and regulations:

(1)   Right to Access. You may have the right to reasonable access to, upon demand, the following:

  • Contents of your personal data that were processed;
  • Sources from which personal data were obtained;
  • Names and addresses of recipients of the personal data;
  • Manner by which such data were processed;
  • Reasons for the disclosure of the personal data to recipients, if any;
  • Information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the data subject;
  • Date when personal data concerning you were last accessed and modified; and
  • The designation, name or identity, and address of the personal information controller. 

(2)   Right to Damages. You may have the right to be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, taking into account any violation of your rights and freedoms as data subject.

(3)   Right to Lodge a Complaint. You may also have the right to lodge a complaint before the National Privacy Commission for any violation of your data privacy rights.

Spain

Le informamos también de que nos encontramos adheridos al Código de Conducta de Protección de Datos en la Actividad Publicitaria de AUTOCONTROL, acreditado por la Agencia Española de Protección de Datos y, por tanto, que estamos vinculados a su sistema extrajudicial de tramitación de reclamaciones cuando las mismas estén relacionadas con protección de datos y publicidad. Si no has quedado conforme con la respuesta que hemos dado a tu solicitud, además de presentar una denuncia ante la Agencia Española de Protección de Datos, puedes formular una reclamación ante el Jurado de la Publicidad de AUTOCONTROL en el plazo no superior a un mes natural desde la finalización del proceso, contactando a través del siguiente correo electrónico: reclamaciones.pd@autocontrol.es.

Sweden

Sweden (dentsu) 

Local Controller: Dentsu Sweden AB

BOX 4125, 102 63 Stockholm

Reg. No. 556259-6733

Contact us: E-mail: dpo@dentsu.com 

Local data protection authority: Integritetsskyddsmyndigheten 

You will find Integritetsskyddsmyndigheten’s contact information at www.imy.se/

 

Sweden (Merkle) 

Local Controller: Merkle Sweden AB 

BOX 4125,  102 63 Stockholm

Reg. No. 556807-5641

 

Contact us: E-mail: dpo@dentsu.com 

Local data protection authority: Integritetsskyddsmyndigheten 

You will find Integritetsskyddsmyndigheten’s contact information at www.imy.se/

Thailand

(a)   Your Thailand Rights

This section describes the data privacy rights of Thailand residents. Below you will find the additional information required as per applicable data protection legislation.

 

Section 10  - Contact us

You may contact our representative in any of the following ways

Address: 968 U-Chu Liang Building, 27th- 28th Floor, Rama 4 Road, Kwaeng Silom, Khet Bangrak, Bangkok 10500, Thailand

Telephone: 02 238 6654

Email: THDPO@dentsu.com

Turkey

The Rights of the Data Subject 

Under Article 11 of the Turkish Personal Data Protection Law numbered 6698 ("PDPL"), you, as a data subject, have the right to: 

- Learn whether your personal data has been processed, 

- Request information if your personal data has been processed, 

- Learn the purposes of such processing of your personal data and whether processed data is being used in accordance with these purposes, 

- Learn the third persons to whom your personal data has been transferred within or outside the country, 

- Request correction in case the processing of your personal data is incomplete or inaccurate, 

- Pursuant to the Article 7 of the PDPL, request the erasure or destruction of your personal data and request notifying to them to whom the personal data is transferred, 

- Object to the occurrence of a result against you by analyzing the data processed solely through automated systems 

- Request compensation if you suffered damages due to unlawful processing of your personal data.  

 

You, as the data subject, may send an e-mail to dpo@dentsu.com (using your e-mail address previously provided to Dentsu or your registered e-mail address) to exercise the above rights. If the execution of the requests requires additional costs, such costs will be charged to you by Dentsu in accordance with the price list established by the Personal Data Protection Authority. The explanations of the data subject in the application form regarding your request for exercising the above-mentioned rights should be clear and comprehensible. 

 

In case the application is made by the data subject directly, the application should contain their name, surname, Turkish ID number (passport number for foreigners), address (so that our response can be conveyed) and documents evidencing the identity. 

 

In case the application is made by a third party who acts on behalf of the data subject, such person should be specifically authorized on this matter and should submit a document as a proof of representing their authority. In this case, the application should contain the names, surnames, Turkish ID numbers (passport numbers for foreign persons), addresses (so that our response can be conveyed) of both the applicant and the data subject and documents evidencing their identities. 

 

Moreover, data subjects may send a request to exercise their right to complaint before the Personal Data Protection Authority with the contact information below: 

Address  : Nasuh Akar Mah. Ziyabey Cad. 1407. Sok. No: 4 06520 Balgat - Çankaya / Ankara 

Phone Number : +90312-216-5000 

Website  : http://www.kvkk.gov.tr/

USA

This Privacy Notice includes certain disclosures required under applicable U.S. privacy laws.  Please note that the rules implementing some of these laws have not yet been finalized.  We are committed to continual compliance with these laws and will update our processes and this notice as the rules are finalized and the law requires.

The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act, the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), and the Utah Consumer Privacy Act (“UCPA”) provides residents of their respective states with additional rights with respect to their personal data. Those rights are explained below in Your Privacy Rights. 

a)     How we Use This Personal Data

If you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to provide you with the following additional information about: (1) the purpose for which we use each category of “personal information” (as defined in the CCPA) we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) “share” personal information for “cross-context behavioral advertising,” (also known as “targeted advertising”) and/or (c) “sell” such personal information. 

As noted above, in this Privacy Notice, the term “personal data” has the meaning ascribed to it under applicable U.S. laws, and includes the term “personal information” as defined by the California Consumer Privacy Act of 2018, as amended.

In the table below we set out further information about the purposes for which we use your personal data and the categories of third parties that we disclose, “sell,” or share the personal data .  The term “share” has the meanings ascribed to it under applicable U.S. privacy laws, including for “cross-context behavioral advertising” or “targeted advertising.”  The term “sell” has the meanings ascribed to it under applicable U.S. laws, meaning the sale of your personal data to an outside party for monetary or other valuable consideration, subject to certain exceptions.  In the second column, we also specify how such personal data is categorized under applicable U.S. privacy laws. For more information about the categories of personal data under applicable U.S. privacy laws,  see Your Privacy Rights.

Purpose/Activity

Types of personal data that may be processed

Categories of third parties to which we may disclose this personal data for “business purposes”

Categories of third parties to which this personal data may be ”shared” or “sold” for advertising/analytical purposes

To send you information about our services:


To send you information which you have requested e.g. newsletters or publications in accordance with your specified preferences

(a) Name

(b) Email address

(c) Phone number

(c) Social media account handles

(d) Mailing address

(e) General location (Identifiers: personal data; professional or employment related information)

(f) Commercial and Preference Information (responses to surveys, details of your attendance at our events, interest in our services, information about our contact history with you and your other transactions and preferences)

(g) Technical and usage (identifiers: personal data, such as IP address, device identifiers, internet or other similar network activity)

(h) Location information (identifiers: precise geolocation, general location using zip code or postal code and IP address)

(i) Inferences (using other pieces of personal data collected about you and attributes connected to your IP address)

Third-party service providers; Entities due to corporate mergers or restructuring; Other parties as required by law or to prevent or investigate illegal activities; Online advertising partners

We do not sell/share

To improve and develop our website:
We conduct statistical analysis on your usage of the website e.g. to enable us to improve our website, offer new features and material etc.

(a) Technical and usage (identifiers: personal data, such as IP address, device identifiers, internet or other similar network activity)

Third-party service providers; Entities due to corporate mergers or restructuring; Other parties as required by law or to prevent or investigate illegal activities

We do not sell/share

To deliver relevant content to you, and measure or understand the effectiveness of the content we serve to you.

(a) Name

(b) Email address

(c) Phone number

(c) Social media account handles

(d) Mailing address

(e) General location (Identifiers: personal data; professional or employment related information)

(f) Commercial and Preference Information (responses to surveys, details of your attendance at our events, interest in our services, information about our contact history with you and your other transactions and preferences)

(g) Technical and usage (identifiers: personal data, such as IP address, device identifiers, internet or other similar network activity)

(h) Location information (identifiers: precise geolocation, general location using zip code or postal code and IP address)

(i) Inferences (using other pieces of personal data collected about you and attributes connected to your IP address)

Third-party service providers; Entities due to corporate mergers or restructuring; Other parties as required by law or to prevent or investigate illegal activities; Online advertising partners

We do not sell/share

To respond to any inquiries or feedback that you send us

To update you with any changes to our terms and conditions/other policies

(a) Name

(b) Email address

(c) Phone number

(c) Social media account handles

(d) Mailing address

(e) General location (Identifiers: personal data; professional or employment related information)

(f) Commercial and Preference Information (responses to surveys, details of your attendance at our events, interest in our services, information about our contact history with you and your other transactions and preferences)

(g) Technical and usage (identifiers: personal data, such as IP address, device identifiers, internet or other similar network activity)

(h) Location information (identifiers: precise geolocation, general location using zip code or postal code and IP address)

(i) Inferences (using other pieces of personal data collected about you and attributes connected to your IP address)

Third-party service providers; Entities due to corporate mergers or restructuring; Other parties as required by law or to prevent or investigate illegal activities

We do not sell/share

To provide you with services and fulfill your transactions.

(a) Name

(b) Email address

(c) Phone number

(c) Social media account handles

(d) Mailing address

(e) General location (Identifiers: personal data; professional or employment related information)

(f) Commercial and Preference Information (responses to surveys, details of your attendance at our events, interest in our services, information about our contact history with you and your other transactions and preferences)

(g) Technical and usage (identifiers: personal data, such as IP address, device identifiers, internet or other similar network activity)

(h) Location information (identifiers: precise geolocation, general location using zip code or postal code and IP address)

(i) Inferences (using other pieces of personal data collected about you and attributes connected to your IP address)

Third-party service providers; Entities due to corporate mergers or restructuring; Other parties as required by law or to prevent or investigate illegal activities

We do not sell/share

To protect this website, our company, our employees, and our users from malicious attacks, hacking, fraud, or other illegal or unauthorized activity

(a) Name

(b) Email address

(c) Phone number

(c) Social media account handles

(d) Mailing address

(e) General location (Identifiers: personal data; professional or employment related information)

(f) Commercial and Preference Information (responses to surveys, details of your attendance at our events, interest in our services, information about our contact history with you and your other transactions and preferences)

(g) Technical and usage (identifiers: personal data, such as IP address, device identifiers, internet or other similar network activity)

(h) Location information (identifiers: precise geolocation, general location using zip code or postal code and IP address)

(i) Inferences (using other pieces of personal data collected about you and attributes connected to your IP address)

Third-party service providers; Entities due to corporate mergers or restructuring; Other parties as required by law or to prevent or investigate illegal activities

We do not sell/share

To share information with our service providers.

(a) Name

(b) Email address

I Phone number

I Social media account handles

(d) Mailing address

I General location (Identifiers: personal data; professional or employment related information)

(f) Commercial and Preference Information (responses to surveys, details of your attendance at our events, interest in our services, information about our contact history with you and your other transactions and preferences)

(g) Technical and usage (identifiers: personal data, such as IP address, device identifiers, internet or other similar network activity)

(h) Location information (identifiers: precise geolocation, general location using zip code or postal code and IP address)

(i) Inferences (using other pieces of personal data collected about you and attributes connected to your IP address)

Third-party service providers; Entities due to corporate mergers or restructuring; Other parties as required by law or to prevent or investigate illegal activities; Online advertising partners

We do not sell/share

To share information within the dentsu international group for business purposes.

(a) Name

(b) Email address

(c) Phone number

(c) Social media account handles

(d) Mailing address

(e) General location (Identifiers: personal data; professional or employment related information)

(f) Commercial and Preference Information (responses to surveys, details of your attendance at our events, interest in our services, information about our contact history with you and your other transactions and preferences)

(g) Technical and usage (identifiers: personal data, such as IP address, device identifiers, internet or other similar network activity)

(h) Location information (identifiers: precise geolocation, general location using zip code or postal code and IP address)

(i) Inferences (using other pieces of personal data collected about you and attributes connected to your IP address)

Third-party service providers; Entities due to corporate mergers or restructuring; Other parties as required by law or to prevent or investigate illegal activities

We do not sell/share

To share information with other third parties, such as regulator and law enforcement agencies

(a) Name

(b) Email address

(c) Phone number

(c) Social media account handles

(d) Mailing address

(e) General location (Identifiers: personal data; professional or employment related information)

(f) Commercial and Preference Information (responses to surveys, details of your attendance at our events, interest in our services, information about our contact history with you and your other transactions and preferences)

(g) technical and usage (identifiers: personal data, such as IP address, device identifiers, internet or other similar network activity)

(h) Location information (identifiers: precise geolocation, general location using zip code or postal code and IP address)

(i) Inferences (using other pieces of personal data collected about you and attributes connected to your IP address)

Third-party service providers; Entities due to corporate mergers or restructuring; Other parties as required by law or to prevent or investigate illegal activities

We do not sell/share

We do not sell or share any Personal Data about you to any third party and have not done so within the past 12 months . 

(a)   Your USA Privacy Rights

You have certain choices about how we use your information. 


You can control cookies and tracking tools. To learn more about your choices related to cookies and our Do-Not-Track Policy, please see our Cookie Notice

You may choose not to receive marketing communications from us. You can ask us to stop such messages at any time by clicking on the “unsubscribe” link at the bottom of the message.  Please note that even if you choose not to receive marketing communications from us, you still may receive non-marketing communications, such as responses to your inquiries or notices regarding your account or our relationship with you.


Notice Concerning Do Not Track

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website(s) for third-party purposes, and that is why we provide the variety of opt-out mechanisms listed above, and in our Cookies Notice. Some web browsers offer users a “Do Not Track” privacy preference setting in the web browser. We do not currently recognize or respond to browser initiated Do Not Track signals.

While we do not currently respond to Do Not Track signals, when our systems detect the presence of our opt-out cookie or a mobile o/s opt-out indicator, our solutions will stop engaging in IBA for the opted out browser or device. And if we have linked two or more browsers or devices as described above, our systems will attempt to sever the link for the opted out browser or device .

Email Marketing Preferences

You may choose not to receive marketing communications from us. You can ask us to stop such messages at any time by clicking on the “unsubscribe” link at the bottom of the message.  Please note that even if you choose not to receive marketing communications from us, you still may receive non-marketing communications, such as responses to your inquiries or notices regarding your account or our relationship with you. 

Your USA Privacy Rights
The California Consumer Privacy Act (“CCPA”), as amended, the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), and the Utah Consumer Privacy Act (“UCPA”) provides residents of their respective states with additional rights with respect to their Personal Data. 


Depending on where you live and what you are asking us to do, we may or may not be obligated to comply with your request, and/or the time required to complete a request may vary. Based on how we collect and utilize your personal data, you may have the following rights:

  • Right to Access – You have the right to request that we provide you with a copy of the specific pieces of Personal Data we collected about you.
  • Right to Delete – You have the right to request that we delete your Personal Data that we maintain about you, subject to certain exceptions.
  • Right to Correct – You have the right to request that we correct inaccurate Personal Data that we maintain about you, subject to certain exceptions.
  • Right to Opt-Out of Profiling – You have the right to request that we not process your information for profiling.
  • Right to Non-Discrimination – You have the right to not receive discriminatory treatment for the exercise of your privacy rights.
  • Do Not Share My Info – You can request that we not share your personal information that we have in our products by clicking Do Not Share My Info. For purposes of this privacy notice, “share” means the targeting of advertising to you based on that your personal information obtained from your activity across websites, subject to certain exceptions set forth in applicable U.S. law. Any opt-out of cookie-based tracking for advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your browser’s cache .

You can make these requests online by clicking here, or by calling us at (+1) (833) 570-5939 (toll-free in the  US).  For any business-to-business requests, you can make these requests online by clicking here, or by calling us at (+1) (833) 570-5939 (toll-free in the US). For any employment related requests, you can make these requests online by clicking here.  We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain Personal Data as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests. Note that for purposes of these requests under this privacy notice, Personal Data does not include information we have collected as a service provider to our clients. Finally, please note that we are required by California Civil Code section 1798.105(d) to keep a record of your request.

Only you, or a person or business entity that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. You may also make a request on behalf of your minor child.  For California residents, Authorized Agents must be a person or entity registered with the California Secretary of State.

The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information (including information that reasonably enables us verify the identifying information we currently maintain about you) that allows us to reasonably verify that you are the person about whom we collected the Personal Data or an authorized representative.

We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing. In order to protect the security of your Personal Data, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the pesonal information that we already have.

Any disclosures we provide for California residents will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process.

(b)   Contact Us

If you have any questions about this Privacy Notice, or our approach to privacy, you can contact our Privacy Office in any of the following ways:

Address:

150 E 42nd St, New York, NY 10017, United States

Telephone:

(+1) (877) 570-5939 (U.S. toll-free)

Or by email at: Americas.DPO@dentsu.com