Neustar Privacy Notice

This notice was last modified on and has an effective date of July 1, 2024.

We have recently updated our Privacy Notice. Be sure to review it carefully to understand our privacy practices.

This Privacy Notice (“Notice”) provides information about how NeuStar, Inc., Neustar Information Services, Inc., and their wholly owned subsidiaries and affiliates, (collectively, “Neustar,” “we,” “us,” or “our”) handles personal information and describes the rights you may have regarding your personal information. Use of our online and offline services constitutes your agreement to the terms of this Notice. If you do not agree with the terms of this Notice, please do not use our services.

Neustar is now a TransUnion Company. This Notice does not cover practices of other TransUnion businesses or products, nor your interactions with us as a job applicant. Please see those respective privacy notices listed on the left-hand panel of this page for more information on those privacy practices.

Analytics Disclosure: We use Google Analytics 360, including Google Tag Manager and Google Ads. If you would like to learn more about Google Analytics, or opt out of this data collection and sharing activity, please use this link: https://www.google.com/policies/privacy/partners/. Please visit our Cookies and Similar Technologies Notice for information regarding our tracking technologies.

Visit our Privacy Choices Portal page to exercise your privacy rights and choices.

Notice at Collection: We collect personal information as detailed in this Notice. The categories of personal information that we collect and from whom are listed below under “Personal information we collect,” and the purposes for which we collect and use personal information are detailed below under “Purpose for collecting and use of personal information.” To learn more about your privacy rights, including your right to opt out of the sale or sharing of your personal information, please navigate to the “Privacy rights and choices” sections below. Our retention practices are outlined below under “Retaining personal information.”

Neustar may collect information that identifies or relates to a specific individual and other information described below in the course of operating our websites and providing our products and services to business customers. This information may or may not be linked to an identifiable individual, as described in this Notice.

Categories of Data Types. Neustar may collect various types of information, which, depending on the circumstances, may constitute personal information, including:

• PII (Personally Identified Information)
• CRM data (customer relationship management data)
• Pseudonymous IDs including information linked to device-identified information DIIs such as cookies, mobile advertising IDs (MAIDs), statistical IDs, IP addresses, hashed email addresses or telephone numbers, and other third-party identifiers, including TV Identifiers, that do not, by themselves, identify a specific individual
• Attribute data 
• Geolocation data including but not limited to, latitude/longitude data. Neustar may disclose, sell, or share geolocation data in the course of delivering its services, including: Marketing Solutions; Risk Solutions; and Professional Services
• Log data, including Internet log data, and event data

This information may or may not constitute “personal information” or “personal data” under applicable law, depending on the context in which the data is collected and any other data to which is linked or linkable.

Categories of Data Sources. Neustar collects this information from a wide variety of sources, both on and offline, such as:

• Publicly available data sources such as directory listings
• Reputable providers of licensed data derived from public and non-public sources
• Individuals, such as survey respondents, who affirmatively agree to the data uses
• Our customers, who provide their CRM data for our use in connection with our services
• Information collected online via pseudonymous IDs, including DIIs, cookies, MAIDs, statistical IDs, hashed email addresses or telephone numbers, and other persistent third-party identifiers, including TV identifiers, that do not, by themselves, identify a specific individual
• Log data and other information created in the course of providing our products and services
• Match Partners, Coverage Partners, Rotators, and Cookie Sync Partners
  • Match Partners. Neustar utilizes online registration information (e.g., name, address, MAIDs, or email information) provided by our Match Partners to associate an online browser with the relevant segment code. Once the association is made, the AdAdvisor repository discards the registration information and places a cookie on the user's hard drive that contains the segment code and one or more of the following demographic variables: (i) four-digit year of birth, (ii) gender, (iii) zip code, or (iv) hashed email address(es).
    • Our customers and Match Partners may also share MAIDs and registration information, which we use to associate a mobile device with a segment code. Once that association is made, we segregate PII from the resulting Pseudonymous ID.
    • We also use information supplied by our customers to associate MAIDs, such as Apple IDFA and Google Ad ID with market segmentation information. Our customers and Match Partners permit us to access PII to associate an online browser or mobile device with the pre-assigned segment code for that household or consumer.
  • Coverage Partners. An online partner that gives Neustar access to a pseudonymous identifier that can be associated with a Neustar cookie ID. Neustar uses this linkage to associate other data sources that have an existing match to the Coverage Partner's identifier with Neustar's cookie ID.
  • Rotators. A Rotator Partner is an online partner that gives Neustar access to a web browser for the purposes of calling a third-party tag to perform a pseudonymous ID (e.g., cookie ID) sync. Neustar and the third-party are then able to exchange data based on a synced pseudonymous ID.
  • Cookie Sync Partners. In order to recognize users across different platforms, Neustar matches or "syncs" its cookies with demand side platforms, (DSPs), supply side platforms (SSPs), data management platforms (DMPs) and other third parties. The result is a table matching Pseudonymous IDs (e.g., Cookie IDs).

The below chart describes the categories of personal information we may have collected in the past 12 months, and from whom we collected the personal information, listed by category of personal information.

We describe the purpose for collecting personal information, listed by categories of personal information, in the chart below. Please note that a specific piece of personal information may fall into one or more categories of personal information.

We may also use your personal information for other purposes disclosed at the time you provide your personal information or otherwise with your consent.

In the prior 12 months, we may have disclosed (business purpose) or sold/shared (commercial purpose) your personal information to different third parties, as detailed in the chart below. Please note that Neustar may share your personal information for a targeted advertising purpose.

In accordance with applicable laws and their defined terms – NOTICE: We and this website may sell your sensitive personal data. The entity maintaining this website and notice is a data broker under Texas law. To conduct business in Texas, a data broker must register with the Texas Secretary of State (Texas SOS). Information about data broker registrants is available on the Texas SOS website.

The below chart summarizes the categories of third parties with whom Personal Information may be sold/shared or disclosed.

Neustar does not use or disclose personal information other than as described in the above chart, except for the following circumstances:

• As a data processor or service provider at the direction of our business customers, and in accordance with their own privacy policies;
• With related companies (TransUnion Companies) to include our parent company, our subsidiaries, and affiliates;
• To investigate, identify, respond to, and assist others to investigate and respond to cyber security threats to other criminal behavior;
• To protect our rights and the rights of third parties;
• For internal research purposes;
• In response to and support of law enforcement investigations;
• To (i) comply with US or foreign laws and/or regulations or to respond to lawful requests and legal process in US or foreign civil, criminal or investigative matters, (ii) enforce agreements, our terms and conditions, and policies, and protect our rights and property as the site owner, and (iii) in an emergency to protect the life or personal safety of Neustar, its customers, or any person;
• In an aggregated or de-identified form that does not directly identify you;
• Neustar may send our own advertisements (Neustar marketing campaign emails, for example) to businesses. If you would like to discontinue receiving this content, you may update your marketing preferences by selecting the “Unsubscribe” link found in emails we send to you. 

Neustar provides a variety of marketing, risk, communications, security, and registry solutions to help businesses and others make better decisions, better serve their customers, enable communications, and detect and respond to fraud, cybersecurity threats, and other malicious behavior. Customers may combine some or all features of our products and services described below.

Marketing Solutions. We provide a variety of services to online and offline advertisers and their agents through our marketing services offerings, including our Ad Advisor, Customer Analytics, Customer Experience and Customer Intelligence services.

• AdAdvisor. Neustar Audiences, including AdAdvisor and our ElementOne segmentation solutions, enable advertisers to understand their CRM Data and to apply those insights to reach and communicate with their existing customers and large groups of similar households and individuals in the on and offline environments. To do this, we collect consumer survey data, reliably-sourced household/neighborhood-level demographic data, and other licensed lifestyle and purchasing data from third party providers, which we aggregate across US households and use to make predictions about the preferences and interests of large groups of similar consumers based on pre-defined market segments, identified by a numeric Segment Code (also called an “Element”). In addition, we enable our advertisers to reach and communicate with specific users who may be interested in their products and services based on pseudonymized Attribute Data derived from reputable sources.
  • We use this information to help advertisers deliver more relevant online content. We may disclose Pseudonymous IDs with our affiliates and service providers to support advertising customers. We may also share or sell Pseudonymous IDs with other companies in the advertising sector for their own use or for resale. In order to enable our customers to use their information across the Internet advertising ecosystem, we "sync" Cookies with various ad platforms and tech providers. You can learn more about this process by reviewing our explanation of Cookie Sync Partners.
• Fabrick. In order to serve third party advertisement on their sites, online publishers may sell/share certain pseudonymized information, including a hashed version of information that they collect from website visitors (such as email or phone number), third party IDs (such as mobile advertising IDs or other IDs assigned by third parties), IP addresses, and/or information about your browser or operating system with Neustar. Neustar may match this pseudonymized information with information in our data repositories and issue another pseudonymous ID, which is changed on a weekly basis, for the publisher’s use in connection with real-time bidding for digital advertising. Neustar and other third parties may also link demographic or interest based information to your browser via Cookies as part of this process.
• Customer Analytics. Neustar's MarketShare services compile and analyze aggregated sales data, aggregated online Event Data (which may include addressable and connected TV data), information about offline marketing activities, along with other economic modeling data and aggregate ad response data from a variety of platforms (on and offline) in order to measure ad campaign effectiveness and attribute conversion events to marketing campaigns. This enables advertisers to understand their customer's path to conversion and facilitate smarter marketing spend decisions. For customers using our Onboarding services, we may also collect Hashed eMail Addresses, Hashed MAIDs, and/or imprecise (city/metro area/provincial/state/zip level) Geolocation Data from data partners.
• Customer Experience. Neustar's Customer Experience services connect data and media across channels (online, offline, television, etc.) to enable marketers to analyze the effectiveness of their advertising activities and determine where to invest in order to generate sales more efficiently.
• IDMP. Neustar's Identity Data Management Platform (IDMP) collects, and aggregates Log Data, including Internet Log Data, Event Data, and other information that is generated when you visit the websites of our publisher, retailer, and advertiser customers or when their ads are delivered to you on a third-party website. We use Pseudonymous IDs such as DIIs, Cookies, Mobile Advertising IDs or MAIDs, Pixel Tags, Web Beacons, Statistical IDs, third-party identifiers and other Pseudonymous IDs that do not, by themselves, identify a specific individual. In addition, the IDMP offering enables customers to use their own or third-party Attribute Data to improve the accuracy and performance of our IDMP.
  • We aggregate and normalize this information, along with website and pseudonymized CRM Data and, in some cases, pseudonymized Attribute Data in order to provide insights about the demographics and interests of an advertiser's customers and prospects, the advertisements they see, and how they interact with online content. Customers may also receive pseudonymized Cookie-level data using Neustar's Data Science Development Kit (DSDK) to perform their own analysis and aggregation. Customers use our aggregation reports and/or DSDK to improve the performance of their advertising campaigns, to better understand their audiences, and to enhance the relevance of advertisements.
  • Neustar collects Event Data to help our customers analyze and understand how effective their advertising is. Our customers may use our services to understand how you interact with them across their own and partner/third party web properties, and to communicate with you more effectively based on that information. In some cases, these advertisers use Neustar tools to build consumer profiles (e.g., "gardener" or "sports enthusiast") or predict consumer preferences based on a specific person's online behavior over time and across related and unrelated websites. Our customers use this information to communicate with consumers who are likely to be interested in their products and services.
• Data Onboarding. Using a process called Cross Device Linking, we create and store linkages between and among household or individual level Pseudonymous IDs such as DIIs, Cookies, Mobile Advertising IDs or MAIDs, Pixel Tags, Web Beacons, Statistical IDs, and other third-party identifiers, including connected and addressable TV Identifiers, that do not, by themselves, identify a specific individual. We use these linkages to "onboard" or associate customer-provided segmentation information with third party DII. We use this information on behalf of our customers to measure and analyze the effectiveness of particular advertising campaigns and understand at an aggregate level the impact these campaigns have on offline and online behavior. Our customers or their agents may also use this information to target advertising based on consumer preferences and characteristics, including pseudonymized Attribute Data.
• Remarketing. We also use Pseudonymous IDs along with Event Data, Attribute Data, the stored cross-device linkages discussed above, and in some cases, customer CRM Data to help our customers re-market to their web site visitors. For example, we may generate a list of households associated with visitors to an advertiser's website and provide that list to a neutral third party for follow up postal mail or email. Unless a user has expressly consented, we segregate DII from PII, such as address, and take other steps to ensure that this information is not merged.
• Website Personalization (PageAdvisor). Neustar collects Pseudonymous IDs and passes on the associated Segment Codes and Attribute Data so that our customers can customize content, advertisements, or offers displayed to their website visitors in real time.
• Customer Intelligence. Neustar's Customer Intelligence service uses Personal Information collected from a wide variety of public and private sources. Our business customers use this information to identify or verify the identity of existing customers and prospective customers who contact them (for example through their customer service center, online forms, or lead generation channels) to provide better customer service, communicate more effectively, use their marketing resources more efficiently, and comply with various laws and regulations. Customers also use these services to correct, update, and enhance their CRM Data and, in combination with our predictive market segmentation tools described below, to offer products and services you may be interested in.

Risk Solutions. We provide a variety of services to our customers through our risk solutions offerings, including our intelligence and reputation offerings.

• Compliance Intelligence. Neustar's Contact and TCPA Compliance services helps customers mitigate regulatory risk and improve operational efficiencies by verifying the linkages between a consumer's name, phone number, valid consent, and other offline attributes. This helps our customers comply with the Telephone Consumer Protection Act by confirming that the number they are calling belongs to the consumer who provided consent to be contacted at that number. Our CCPA Compliance solution allows customers to easily verify the identity of individuals seeking to exercise their rights under applicable data protection law and facilitates responses to access, deletion, and opt-out requests.
• Fraud Intelligence. Neustar uses data from a variety of sources, including offline data, customer provided data including PII, third-party licensed data, and Cross Device Linking data, or other Pseudonymous IDs (e.g., IP Addresses, Cookies, Mobile Advertising IDs or MAIDs, and Statistical Identifiers to help our customers verify their registered customers, prevent, detect, investigate and respond to fraud and other malicious behavior, and to achieve operational efficiency.
  • Neustar helps our customers achieve inbound and outbound operational efficiency and prevent fraud by matching, enhancing, correcting, or corroborating their CRM Data. Neustar provides phone attribute information (e.g., whether the phone has been ported, disconnected, or changed recently) to help our customers defend against potential fraud, account takeover, and spoofing. Information from Cross-Device Linking can also be used in connection with our IP Information and IP Reputation services to flag potentially fraudulent account opening activities.
  • Neustar’s TRUSTID Authenticator and Indicator Software as a Service services provide an ownership-based authentication token that allows call centers to identify trusted callers before their calls are answered. Call center customers transmit data associated with inbound calls to Neustar, which Neustar uses on behalf of the customer to determine, among other things, whether or not a calling party number has a high probability of being intentionally falsified. This enables businesses to identify and protect again potential identity theft.
• IP Geopoint Intelligence. Neustar collects IP Addresses and other geolocation-related information using proprietary, patented technologies to map routable IP Addresses worldwide. By augmenting our data with insights derived from select global partners, we provide city-level data down to postal codes. We may use Geolocation Data from reputable sources to enhance our Risk Solutions services. Our IP Intelligence services also use IP Address and other Geolocation Data information to help our customers detect potentially fraudulent transactions (i.e., by flagging suspicious IP Addresses or log-ins from unlikely locations), and comply with geographic sales and content delivery regulations.
• IP Reputation. Neustar collects IP Addresses and analyzes trends and patterns associated with them. By augmenting our data with insights derived from select global partners, we provide risk scores that allow our customers to determine whether an IP Address is a real human user (vs. a bot) or whether malicious activities have been associated with the IP Address in the past. Our customers may use this information to detect, prevent, and respond to fraud and other risks.

Communications Solutions. Neustar provides a variety of services to communications services providers to ensure that calls are properly routed across telecommunications service provider networks. These services include Caller ID/Caller Name (CNAM) services and optimization, branded contact management, robocall detection and mitigation services, domestic and international number resolutions services, directory listings management, business listings, numbering and order management services, and other services provided to communications services providers and other businesses. Our use and disclosure of this information may be limited by contract.

• Pathfinder. Neustar maintains and operates the global phone number resolution directory service, Pathfinder on behalf of the GSMA for SMS routing and delivery. Customers of Pathfinder are restricted to use this service only for the purposes of rating, routing, and routing administration. For this service Neustar collects the phone number (queried by our customer), IP Address of the customer submitting the query and our response to the customer's query. Neustar's Pathfinder response consists of the carrier of record for the queried phone number and any number port history information.
• Order Management. We provide services to help communications companies manage their domestic US phone numbering inventory, manage and fulfill customer number porting orders, and to comply with regulatory requirements. For these services we collect telephone numbers, IP Addresses, and carrier information. Our use and disclosure of this information may be limited by contract and regulated by law.
• Directory Listing and Caller Name. In addition to providing traditional directory services, Neustar helps our customers reach their customers and prospects with branded caller identification and business listing services. For our TruContact Branded Call Display (BCD) service, powered by Neustar, we improve customer engagement and protect our customers' brands by adding context to the mobile call display. For this service, we collect business information such as a customer’s business name, logo, location, and contact information, which may also include a customer’s designee information (such as information contained in a digital business card). 
• Localeze. Neustar maintains business listing information for our small business and franchise customers so they can be found by their customers and prospects. For Neustar's Localeze service, we collect business name, address, phone, email, website and service type information and publish this information through various media channels. Neustar’s Localeze service may access tokenized and encrypted Google authentication data (“Google User Data”) provided by users when linking their Google business accounts via an OAuth authorization flow for web applications to enable our business data synchronization service. The OAuth authorization flow produces three (3) tokens: access, refresh, and identification tokens, all of which are stored in a US-based Redis database, owned by Neustar. The access tokens are used to execute API requests on behalf of users for various Google APIs, including verifying and updating business listing information (including business images) and providing services such as: account management, verification, alerts and notifications and metrics analysis. Access tokens expire within an hour and refresh tokens are used to generate new access tokens. The identification token contains a user’s encrypted Google User Data, but Neustar’s Localeze service does not decrypt, use, sell or share any identifiable Google User Data.
• Operational Intelligence. Neustar uses a combination of internal and external sources, including PII from telecommunications providers, to provide our Right Party Contact/Call Window service. The service is built using offline date and time information about access to proprietary Neustar data repositories that support a variety of our products, overlaid with offline insights about phone type and activation date. All of these inputs are aggregated across time and analyzed using complex rules to predict day/time windows when you are most likely to be available to answer your phone. Our customers use these insights to comply with a variety of consumer protection rules regarding outbound calling, identify and mitigate fraud, and enhance the efficiency of their outbound calling programs.

General Health Related Audiences. Neustar creates certain audience segments based on our predictions about the likelihood that households assigned to a particular Segment Code or audience are more or less likely to use certain kinds of over-the-counter medications (e.g., cold or flu medications) or more or less likely to consume certain alcoholic beverages. These segments do not include or reflect individual or even household level behavior; rather, they are predictions based on survey responses from volunteer participants, which is then modeled to apply to broader groups of people who we think are more or less likely to have similar preferences. Advertisers who use these segments must comply with government regulation as well as industry best practices that apply to the delivery of such advertising. 

• Neustar imposes special rules on the use of our data to market health and alcohol products. Keep reading for more information about this topic and a list of the audiences we offer.

Health Related Advertising. Neustar creates certain audience segments based on our predictions about the likelihood that households assigned to a particular Segment Code or audience are more or less likely to use certain kinds of over-the-counter medications (e.g., cold or flu medications) or more or less likely to consume certain alcoholic beverages. These segments do not include or reflect individual or even household level behavior.

• Vitamins/Minerals
• Headache/Pain Reliever
• Sore Throat Remedies
• Eye Drops/Eye Wash use and likely brand Obtain Medical Insurance Via
• Facial Cleansing Product
• Contact Lenses
• Feminine products
• Cough Syrup
• First Aid/Bandages/Antibiotic
• Cold/Allergy/Sinus Remedy
• Pain Relieving Rubs/Liquids/Wraps

Policy on Alcohol Advertising. You may not use ElementOne and/or AdAdvisor audience insights in connection with alcohol advertising unless you:

• Target audiences in the United States or Canada only
• Act in compliance with all applicable laws
• Comply with industry standards including, as applicable:
  • The 2011 Distilled Spirits Council Code of Responsible Practices, including the Digital/Social Media Marketing Guidelines
  • The Beer Institute Advertising and Marketing Code and Guidelines
  • Wine Institute Code of Advertising Standards
• Do not target individuals below the legal drinking age, and/or pregnant women
• Do not imply that drinking alcohol can improve social, sexual, professional, intellectual, or athletic standing
• Do not imply that drinking alcohol provides health or therapeutic benefits
• Do not portray excessive drinking in a positive light or feature binge or competition drinking
• Do not show alcohol being consumed in conjunction with the operation of machinery or a vehicle of any kind or the performance of any task requiring alertness or dexterity
• Do not depict violent or degrading behavior

Political Audiences. Neustar creates certain audience segments based on our predictions about the likelihood that households assigned to a particular Segment Code or audience are more or less likely to be registered to vote, vote or have a certain particular political outlook. These segments do not include or reflect individual or even household level behavior and they are not derived from voter registration lists; rather, they are predictions based on information received from opt-in survey respondents from volunteer participants, which is then modeled to apply to broader groups of people who we think are more or less likely to have similar preferences. Advertisers who use these segments must comply with government regulation as well as industry best practices that apply to the delivery of such advertising. 

• Neustar imposes special rules on the use of our data for political communications. Keep reading for more information about this topic and a list of the audiences we offer.

Policy on Political Advertising. Neustar has, in the past, created ElementOne and/or AdAdvisor audience insights (including for use in AdAdvisor) derived from voter registration records. Neustar permitted use of these audiences exclusively for non-commercial political purposes, such as educational communications concerning an election, candidate for election, elected official, political or policy issue, or governmental proceeding, policy or process. Please note, Neustar has discontinued creation of these audiences effective April 1, 2020.

• Neustar creates certain audience segments based on our predictions about the likelihood that households assigned to a particular Segment Code or audience are more or less likely to be registered to vote as Democrats, Independents, Libertarians or Republicans; more or less likely to have voted in a past election or to vote in an upcoming election, etc. These segments do not include or reflect individual or even household level behavior.
• Most Likely Registered Republican
• Most Likely Registered Democrat
• Most Likely Registered Independent
• Most Likely to have any Conservative Political Outlook
• Most Likely to have any Liberal Political Outlook
• Most Likely to have middle of the Road Political Outlook
• Most Likely Not Registered to Vote
• Most Likely Registered to Vote
• Most Likely to have somewhat Conservative Political Outlook
• Most Likely to have somewhat Liberal Political Outlook
• Most Likely to have very Conservative Political Outlook
• Most Likely to have very Liberal Political Outlook
• Most Likely to have voted In Last US Presidential Election
• Most Likely to have voted In Last US State Election

Credit Card Information. Neustar may collect credit card information when provided by our customers in payment for some of our services. This information is securely collected and transmitted by our vendor in accordance with Payment Card Industry standards and used and disclosed only for the purposes of receiving payment for our services.

As applicable under privacy laws, when Neustar is acting as a data controller you may take advantage of certain privacy rights, such as to request access, correction, or deletion of your personal information. You may also have the right to appeal a denial of your privacy rights.

To exercise your privacy rights – access, deletion, correction, opt-out, limitation – (subject to limitations and exceptions under applicable law), visit our Privacy Choices Portal page to submit a verifiable request, and find additional detail below.

• The easiest way to submit a request is via the portal, which enables you to exercise all of your privacy choices in one central platform and enables us to automatically check for certain pseudonymous IDs to confirm that your individual identity and associated data has been located to place our opt-out indicator and stop any online collection of your personal information by Neustar (provided you have not set your system to block us from doing so).
• You can also submit a privacy request offline via the contact methods in the “Contact information” section below. Please be sure to include your full name, postal address, telephone number, and email address. We will contact you by email or telephone (as applicable) after receipt to let you know the status of your request.
• If we return this information to you electronically, the information will be in a portable format, and to the extent that it is technically feasible, we will provide the information in a readily useable format that can be easily transferred to another entity.

To make an opt-out request or to limit our use of your sensitive personal information (subject to limitations and exceptions under applicable law), visit Your Privacy Choices.

• Because we may “sell” or “share” personal information or engage in “profiling,” “targeted advertising,” “cross-context behavioral advertising,” or use sensitive personal information, consistent with the defined terms in applicable state laws, you may also exercise your opt-out rights from such sales/sharing, profiling/automated decision making, targeted advertising, or cross-context behavioral advertising, and limit our use of your sensitive personal information.
• To exercise your right to opt out of the sale or sharing of your personal information through trackers or cookies on our websites, please visit our Cookies and Similar Technologies Notice.

In some instances, Neustar offers its services to customers as a service provider/data processor or subject to other exceptions under the applicable state privacy laws. Where Neustar is acting as a service provider/data processor, we are processing data on behalf of others who will provide you with applicable privacy rights.

Explanation of Privacy Rights and Choices

• Right to Access/Know. You may have the right to request a privacy report detailing the personal information collected, disclosed, sold, and shared about you and the purpose for doing so, unless such request proves impossible or would involve disproportionate effort.
• Right to Correct. You may have the right to request that we correct inaccurate personal information that we collect or maintain about you, subject to verification.
• Right to Delete. If we collected or maintain personal information about you, you may have the right to request the deletion of this personal information, unless an exception applies under applicable law.
• Right to Opt Out of the Sale/Sharing. You may have the right to opt out of the sale/sharing of your personal information to third parties.
• Right to Opt Out of Profiling/Automated Decision Making, Targeted Advertising, or Cross-Context Behavioral Advertising. You may have the right to opt out of our use of your personal information for purposes of profiling, automated decision making, targeted advertising, or cross-context behavioral advertising.
• Right to Limit the Use of Sensitive Personal Information. You may have the right to limit how we use your sensitive personal information. Depending on the applicable law, sensitive personal information may include: Social Security number, driver’s license number, biometric information, precise geolocation data, and racial and ethnic origin.
• Right to Appeal. If you believe we have denied any of your consumer privacy rights in error, you may have the right to appeal by replying to our denial message or any communication from us.

We do not discriminate against you based on your exercise of your privacy rights, although some of the functionality and features available on our websites may change or no longer be available to you.

In calendar year 2023, we received and responded to privacy requests as set forth in the table below. This data reflects requests received in 2023 from all individuals. This data is inclusive of NeuStar, Inc. as a registered data broker, pursuant to the California Data Broker Registration law.

* Requests may have been denied if (i) the individual’s information was not in our systems, (ii) we could not match the individual’s information to a unique identity in our systems, (iii) we were unable to verify the individual’s identity, or (iv) if an exception to compliance was applicable.

Using an authorized agent (with or without power of attorney) to submit an opt-out request or a request to limit the use of a consumer’s sensitive personal information: In order to submit an opt-out request or a request to limit on behalf of another consumer, please provide written permission, signed by the applicable consumer, authorizing the agent to submit the opt-out request. The name of the agent submitting the request must match the name on the authorization.

In order for us to locate the consumer’s record, please also include the consumer’s first and last name (middle name optional) and their address (including unit number, city, state, and zip code). You may also provide the consumer’s Social Security number and data of birth. While those fields are optional, this information makes it easier for Neustar to locate the consumer’s information and complete the request.

Using an authorized agent without power of attorney to submit a verifiable privacy request for access, correction, or deletion of a consumer’s personal information:  In order to submit a verifiable request for access, correction, or deletion on behalf of another consumer, an authorized agent without power of attorney must provide one item from each of the two sections below.

1. Signed permission from the applicable consumer authorizing the agent to submit the verifiable privacy request on their behalf, including a description of the type of privacy request(s). The name of the agent submitting the request must match the name of the authorization.
2. The applicable consumer must verify their own identity directly with the business by submitting information or documentation that provides sufficient proof of identification, such as:

a. Social Security number or a copy of a Social Security card issued by the Social Security Administration,

b. a certified or official copy of a birth certificate issued by an entity authorized to issue the birth certificate, or

c. a copy of a driver's license or an identification card issued by the motor vehicle administration or any other government issued identification.

This secondary identification must include or reference the same name as stated in the signed permission form. The submission must also include sufficient information for Neustar to locate the consumer’s file.

Using an authorized agent with power of attorney to submit a verifiable privacy request for access, correction, or deletion of a consumer’s personal information:  In order to submit a request on behalf of another consumer, an authorized agent with power of attorney must provide the valid power of attorney executed under applicable law. The submission must also include sufficient information for us to locate the consumer’s file.

Documentation may be sent via the contact methods in the “Contact information” section below.

To protect the confidentiality of your data, you may choose to submit your data using confidentiality features offered by your email provider.

All personal information provided as part of this process will be deleted after verification has been completed.

Information for EEA, UK, and Switzerland Residents. Neustar honors confirmation, access, correction, objection, and erasure rights of data subjects under the EU's General Data Protection Regulation (GDPR). If you are resident in the European Economic Area (EEA), please visit our Privacy Choices Portal on our website using an IP address in the EEA to access our portal options. If you are an EEA resident but unable to access the portal from an IP address in Europe, please contact us at neustarpriv@transunion.com to initiate a manual process.

You can visit our Privacy Choices Portal if you wish to opt-out Neustar’s use of Personal Information about you using cookies, MAIDs, hashed emails, and other pseudonymous IDs or to learn more about and exercise any other rights you may have as a data subject under applicable law, including the EU’s General Data Protection Regulation (GDPR), Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD), and US State Privacy Laws.

Identity Data Management Platform (IDMP) & Multi-Touch Attribution (MTA). We collect the following data elements in connection with our IDMP and MTA service. 

• Alphanumeric strings that indicate (i) the ad displayed; (ii) the user's engagement with the ad (e.g., click on, play video, etc.); and (iii) any conversion activity. These strings are not, on their own, personal data.
• IP Addresses, which we treat as personal data, are collected. The full IP address is captured in the application logs but deleted after 10 days. A truncated version of the IP address (i.e., last octet dropped) and one-way hashed IP addresses are securely transmitted to the US for use in preparing customer-analytics reports.
• IP Addresses may be used to help determine geolocation at city, town, country, or DMA level.
• The referrer URL is collected, including query-string information, to provide improved measurement insights, such as impressions per website and to track non-taggable and organic/earned media clicks for measurement and attribution. Prior to using this data, however, we use algorithms to obfuscate potential personal information (e.g., IP addresses, passwords, emails, financial or other sensitive identifiers).
• If you are using our onboarding services (available in the UK and France only), we collect hashed email addresses from you, along with coded attribute data. In the UK and France, we also may collect hashed email addresses, mobile-ad identifiers, and/or city/metro area/provincial-level geolocation data from data partners.
• We may also collect hashed mobile-ad identifiers, and latitude and longitude values that are or are rendered imprecise.

Based on the processes described above, with the exception of the transitory storage of full IP addresses, we pseudonymize all potential personal data, and associate this information with alphanumeric cookie IDs. This information is then aggregated to provide information about the number of unique impressions, engagements and conversions per campaign, advertiser, site, audience, or location. The aggregation process removes any cookie-level information, i.e., all potential personal data. We retain pseudonymous cookie-level data (events, hashed/truncated IP addresses, URLs) for up to 19 months, and aggregated events data for up to 18 months.

Marketing Mix Modeling (MMM). Personal data is not required for our MMM service. The following aggregated data may be provided by the data exporter. Please note that these are only examples of types of data collected and is subject to change after closer analysis and review of the customer's business needs.

• Type of marketing activity - including TV, Radio, Newspaper, Out of Home, Online Display, Online Video, Paid Search, Paid Social Media, Direct Catalog, Email, In-Store Marketing, Mobile SMS, Outbound Call Center, Sponsorship Activation, Sponsorship Media, Organic Social, or other paid marketing activity
• Date or date range of the marketing activity
• Monetary amount spent on the marketing activity
• Location of the marketing activity when applicable — such as country, DMA, region, retail-store identifier, or other location information agreed upon by data exporter and importer
• Products covered by the marketing activity when applicable — such as specific product, brand, division or other product information agreed upon by data exporter and importer
• Measure of online marketing reach, which may include one (1) or more of the following:
  • Impressions
  • Clicks
  • Quantity
  • Circulation
  • GRPs
  • TRPs
  • Spots
  • Calls
  • Social Engagement
  • Event Activation Measure (i.e. Attendance)
  • Quantity Sent
  • Quantity Opened

• Additional Information to distinguish the marketing activity from others of the same type can include the following:
  • Media Subtype (Banner, Wrap, etc.)
  • Network / Site Name / Site Type / Search Engine Name / Social Platform / Station / Station Type / Publication / Publication Type / Print Type
  • Length, Daypart
  • Creative Name / Campaign Name / Subject Line
  • Language
  • Program Type / Title
  • Size / Print Page Count
  • Device Type
  • Customer Type for Direct Marketing (Customer or Prospect)
  • Sponsorship Activation may include information on the category, subcategory and activation name of the activity

Fraud, Risk & Compliance Products. At this time, Neustar does not offer its FRC products outside of the United States.

Information for Brazil Residents. Neustar honors access; confirmation; correction; anonymization, blocking or deletion; portability; information; and revocation rights of data subjects under Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD). If you are a resident in Brazil, please visit our Privacy Choices Portal using an IP address in Brazil to access our portal options. If you are a Brazil in resident but unable to access the portal from an IP address in Brazil, please contact us at neustarpriv@transunion.com to initiate a manual process.

LGPD is Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD), which went into effect in September 2020. Like the European Union’s General Data Protection Regulation (GDPR) and newly enacted US State laws, LGPD is a principle-based regulation, requiring personal data to be processed fairly, lawfully, and transparently for defined purposes only. Here is some additional information to explain how Neustar meets the LGPD’s requirements:

• We built and continue to deploy streamlined data ingestion, inventory, retention/purge and processing systems and technologies to automate the application of our data privacy commitments, data governance policies, and to facilitate data subject rights such as access, deletion, objection, and opt-out.
• We designated a Data Protection Officer.
• We enhanced our existing privacy and security training to ensure that all LGPD required topics are covered.
• In advance of the effective date of GDPR, we overhauled our existing Privacy Impact Assessments (PIAs), which are designed to serve as Data Protection Impact Analysis (DPIAs) for relevant products and services under appropriate circumstances as required by law. We continue to review and refine this information as laws applicable to Neustar’s data processing activities evolve.
• We review and revise our privacy notices and transparency processes annually and monitor the sufficiency of our processes for receiving and responding to data subject requests for access, correction, erasure, objection, and portability as applicable.
• We ensured that our portal for receiving and processing Data Subject requests, including requests for confirmation of processing, access, correction, objection, and erasure of personal data complies with LGPD requirements.
• We entered into an intra-company agreement based on standard contractual clauses approved by the European Commission to govern the transfer of personal data from Brazil to Neustar entities globally.

Explanation of Our Privacy Practices – Brazil Residents

1.     What personal data does Neustar collect and how is LGPD compliance achieved?

The data Neustar processes varies from product to product (and sometimes from customer to customer) and is detailed in this Notice. To ensure compliance with LGPD and other privacy norms, Neustar treats any information that is or reasonably can be linked to an identifiable natural person (a "data subject") as "personal data." This includes obvious personal information such as name, address, telephone number, email address, etc., as well as persistent identifiers such as government issued IDs, IP addresses, cookie IDs, advertising IDs, precise location data, etc. when linked or linkable to identifiable individuals or households. We have implemented administrative, technical, and physical safeguards to maintain consumer privacy by segregating information that directly identifies an individual from machine or pseudonymous identifiers and deploying data access, governance, privacy, and confidentiality policies to maintain appropriate limits.

2.     What is the legal basis for Neustar’s processing of personal data about Brazilian data subjects?

As permitted by Article 7 of LGPD, Neustar generally processes data as a controller to fulfill our legitimate interests or those of a third-party consistent with the data subject’s fundamental rights and liberties. In some cases, we may process data with the data subject’s consent or where the information has been made public by the data subject. Neustar also processes personal data as a service provider (processor) according to instructions provided by our controller/customers.

3.     What mechanisms does Neustar use to support the transfer of personal data subject to LGPD to the United States and elsewhere?

Chapter V of the LGPD sets forth principles governing the international transfer of personal data. Among other things, the data controller may offer guarantees of compliance with the principles and data subject rights set forth in the LGPD by providing a) specific contractual clauses for a given transfer; b) standard contractual clauses; c) binding corporate rules; or d) regularly issued stamps, certificates and codes of conduct. Until such time as the Brazilian data protection authority issues approved standard contractual clauses, data transferred by Neustar from Brazil is governed by contracts previously approved for similar purposes by the European Commission.

4.     How does Neustar comply with the LGPD principles?

Neustar adopted Privacy by Design principles in 2012 and has always complied with Fair Information Practice Principles (FIPPs). Neustar’s Privacy Principles are available at the beginning of this Notice and are consistent with the principles set out in LGPD. To ensure compliance with LGPD and other data protection requirements, we routinely review and update our Privacy Impact Assessments (PIAs), which serve as Data Protection Impact Assessments (DPIAs) when required by applicable law.

5.     How will Neustar comply with other controller/processor obligations?

As previously indicated, Neustar adopted "Privacy by Design" principles in 2012, and since that time has implemented appropriate technical and organizational measure designed to implement data protection principles by default. As a matter of standard practice, we prepare privacy impact assessments for products/services involving personal data processing. Consistent with the requirements of the LGPD, Neustar’s PIA templates serve as DPIAs where the nature, scope, context, and purposes of personal data process is likely to result in a high risk to compliance with the to the LGPD’s general principles.

Processors in the United States have long been subject to data breach notification obligations, both to data subjects and to regulators, so we are familiar with these processes. Neustar continuously reviews and updates our privacy and security policies to reflect the highest standards. We are accountable for processing undertaken as a data controller, and as a processor we limit our activities via contract to processing undertaken at the direction and on behalf of the data processor. Neustar’s data governance architecture is designed to streamline and automate compliance with applicable law, including LGPD.

6.     How will Neustar ensure compliance with a data subject rights under LGPD such as transparency/access/confirmation; deletion/erasure/anonymization; portability; revocation of consent; etc.?

Subject to the limitations contained in applicable data protection laws, including LGPD, Neustar honors all relevant data subject rights. Neustar does not use or permit the use of its services for automated individual decision-making that produces legal effects or otherwise significantly affects a data subject.

Our existing online request portal is designed to handle all data subject requests to exercise LGPD-established rights. Neustar will also honor requests submitted via email to neustarpriv@transunion.com.

7.     How will Neustar ensure that it discloses information to the right person?

While certain opt-outs and subject access requests can be automated, it is extremely important to avoid release of personal data about one person to another. Accordingly, Neustar requires sufficient information about the individual's identity in order to ensure that the person making the request is the individual to whom the data relates (or someone authorized by the data subject to make that request). The amount of information needed depends on the nature of the data requested and the means through which it is submitted. For example, if the requestor provides a Cookie ID or places the request electronically, it may be possible to confirm that the Cookies match without requesting additional information. In other cases, we may require reasonable evidence of identity and/or presence in Brazil.

8.     Who is Neustar’s Data Protection Officer?

Data Protection Officer:

Chaitanya Katikala

Transunion

555 West Adams Street, Chicago, IL 60661

Shaq.Katikala@transunion.com

EU Representative:

Neustar GmbH (Germany)

Große Bleichen 1-3

Hamburg

20354

Germany

neustarpriv@transunion.com

9.     Other questions:

If you have unanswered questions, feel free to contact us via email sent to: neustarpriv@transunion.com. 

If you are visiting our website or using our services from outside the United States (US), including in the European Economic Area (EEA) or United Kingdom (UK), please be aware that your personal information may be transferred to the US and potentially other countries whose data protection laws may not be as protective as those in your country of residence. However, our collection, storage and use of your personal information will at all times be in accordance with this Notice wherever it is processed.

For transfers of personal information from the European Union (EU), UK, and Switzerland to the US: Neustar and its subsidiaries, (i.e., Administrative Services, LLC, Aggregate Knowledge, LLC., Data Solutions Services, LLC, MarketShare Holdings, Inc., Neustar Information Services, Inc., and NeuStar, Inc. collectively "Neustar") comply with the EU-US Data Privacy Framework (“EU-US DPF”), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (“Swiss-US DPF”) as set forth by the US Department of Commerce. 

Neustar has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (“EU-US DPF Principles”) with regard to the processing of personal information received from the EU in reliance on the EU-US DPF and from the UK (and Gibraltar) in reliance on the UK Extension to the EU-US DPF. Neustar has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles (“Swiss-US DPF Principles”) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this Notice and the EU-US DPF Principles and/or the Swiss-US DPF Principles (collectively, the “DPF Principles”), the DPF Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit. The Federal Trade Commission has jurisdiction over Neustar’s compliance with the DPF program. 

In compliance with the EU-US DPF Principles, including the UK Extension of the EU-US DPF Principles and the Swiss-US DPF Principles, Neustar commits to resolve complaints about your privacy and Neustar’s collection or use of personal information transferred to the US pursuant to this Notice. EU, Swiss, and UK individuals with DPF inquiries or complaints should first contact Neustar via the methods outlined in the “Contact information” section below.

Neustar has further committed to refer unresolved privacy complaints under the DPF Principles to an independent recourse mechanism, Data Privacy Framework Services, operated by JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit EU-US Data Privacy Framework | JAMS Mediation, Arbitration, ADR Services (jamsadr.com) for more information and to file a complaint. This service is provided free of charge to you.

If your DPF compliant cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not otherwise resolved by other redress mechanisms. For more information about binding arbitration, visit here.

European residents may also opt-out of our use of cookies for online advertising at: www.youronlinechoices.com/uk.

Onward Transfers. Neustar may disclose personal information to subcontractors and third-party agents who assist Neustar in providing products and services to its customers. Before disclosing personal information to a subcontractor or third-party agent, Neustar will obtain assurances from the recipient that it will: (a) use the personal information only to assist Neustar in providing the services; (b) provide at least the same level of protection for personal information as required by the DPF Principles; and (c) notify Neustar if the recipient is no longer able to provide the required protections. Upon notice, Neustar will act promptly to stop and remediate unauthorized processing of personal information by a recipient. Neustar will remain liable for onward transfers to its subcontractors and third-party agents. 

Neustar may also be required to disclose, and may disclose, personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. To the extent permitted, Neustar will inform its relevant customer or prospective customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.

Neustar will not otherwise disclose personal information to third parties.

10. Personal information of children

Our services are not intended for use by nor directed to individuals under the age of eighteen (18). We do not knowingly collect information from children under eighteen (18), and we do not knowingly create marketing segments or knowingly enable advertising targeted to children under eighteen (18). If we learn that we have collected or received personal information from individuals under the age of eighteen (18), we will delete the personal information or otherwise comply with applicable law. We do not knowingly sell personal information of children under the age of eighteen (18).

Parent or Guardian Privacy Opt-Out Request (child under 18 years)

If you believe we have collected personal information from individuals under the age of eighteen (18), a parent or guardian may make a data privacy opt-out request or limit our use of sensitive personal information (subject to limitations and exceptions under applicable law) by visiting our Privacy Choices Portal.

11. Securing personal information

Neustar has implemented and maintains a comprehensive Information Security Program with reasonable administrative (policies, standards, and processes), physical, and technical controls designed to protect the confidentiality, integrity, and accessibility of your Personal Information. 

12. Retaining personal information

We retain your personal information for as long as reasonably necessary to fulfill the purposes for which it was collected or processed, as described in this Notice. When determining retention periods, we consider our relationship with you and your information, the nature and sensitivity of the information, and what is reasonably necessary and proportionate to provide and improve our services. We also adjust retention periods to comply with our legal, reporting, or accounting obligations, to resolve disputes, and to enforce our agreements. We regularly review our retention periods and assess our data minimization practices, retaining the least amount of information for the shortest retention period, while still upholding all our obligations.

Neustar Service-Specific Cookie Retention

Website Cookies. We retain information collected through our websites for as long as your account is active or as needed to provide you services.

Services Cookies. We retain raw, cookie level data associated with our services for up to 18 months. At the time of collection, we also create aggregated data that cannot be re-associated with an individual cookie. We may retain this aggregated data for a longer period as required by law or otherwise necessary to resolve a dispute and enforce our agreements.

• Neustar service cookies expire in 12 months, although additional user registration at an on-boarding partner site may result in the placement of a new cookie.
• Associations made through MAIDs expire 12 months after the last time you interact with a partner website or advertiser.
• For cookies originating on websites in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland, we collect and promptly hash full IP addresses into a 64-bit integer. We also collect a truncated IP address (dropping the last octet). The truncated and hashed IP addresses are then forwarded to the U.S. using a secure transmission protocol. Full IP addresses are captured by the application log file but are used exclusively for operations and deleted after 10 days.

Please visit our Cookies and Similar Technologies Notice for additional information regarding TransUnion Companies’ tracking technologies.

13. Corporate reorganization

In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, we may share your personal information. We may also share your personal information if we undergo bankruptcy or liquidation, in the course of such proceedings.

14. Links to other sites or services

This Notice does not apply to other third-party sites or services. If you click on a link or browse to a third-party site from our site/service, your activity and interaction is subject to that third-party's rules and policies. We recommend reviewing the privacy statements on those other sites to understand their privacy practices and make an informed decision regarding your use or interaction with their site/service.

15. Contact information

If you have questions or concerns regarding this Notice, our privacy practices and the protection of your personal information, or the privacy rights and choices available to you, you may contact us in the following ways:

16. Notice changes and effective date

This Notice is subject to change at any time. If we make any changes to this Notice, we will post the revised Notice on this page with its effective date.