BOLD COLLECTIVE, LLC partners with Intuizi (intuizi.com) for all CTV data compliancy.
Intuizi CTV audience insights are derived using machine learning tools and practices which are applied to a massive data set made up of anonymized CTV and mobile signals from more than 100,000 apps, hundreds of millions of handsets and tens of millions of CTV devices.
Intuizi uses its proprietary, distributed high-performance computing hardware and software infrastructure to process and find relationships between over two and a half trillion rows of data.
Intuizi’s patent-pending process yields highly predictive behavioral insights while satisfying all privacy and data protection regulations.
Intuizi’s CTV insights are derived using predictive analysis of EIP data, time stamp, bundleID, user agent and inferred relationships based on household EIP consistency and associations with EIDs of mobile devices that share the same network and similar attributes. Our process prevents resolution of any individual device or household through application of our proprietary data management framework, thereby preserving consumer privacy and complying with data protection regulations.
Our process renders verifiable relationships that can be seen in our reporting and tested over time. We find relationships between CTV devices and mobile handsets which allow us to predict with a high degree of certainty that a CTV user visited a particular location or how many times an advertisement has been seen at a specific address.
Privacy and Data Protection Compliance:
Europe, California, Virginia and several other U.S. states have implemented data protection and privacy laws that have significantly changed how user data is used. These new regulations all require express, freely given, informed consent from a data subject prior to collecting and using certain data from that user. None of these new regulations apply to anonymized data. In fact, all of the regulations expressly exclude anonymous data.
Intuizi only has anonymous data on its platform. Intuizi does not allow MAIDs, IP addresses, email addresses, uniform identifiers like UID 2.0, or any other personally identifiable information on the Platform. Yet, Intuizi’s anonymous platform data is so rich and comprehensive that it provides insights Intuizi’s clients turn into new revenue, extra profitability or invaluable new business processes.
Because we only possess anonymous data, the Intuizi Platform is future proof, no matter the privacy and/or data protection legislation.
For the purposes of GDPR, Intuizi is a Data Processor. Intuizi receives signals from Data Controllers for the limited purpose of processing and visualizing that data for the Data Controller. Prior to delivering any data to Intuizi, our Data Controllers remove all data that identifies or can be used to identify a data subject so as to render the data sufficiently anonymized and therefore outside the scope of GDPR.
Intuizi does not take any steps to attempt to identify any data subjects. We enter written contracts with all persons/companies that access our Platform that forbids them from identifying any data subject, or from attempting to identify any data subject represented in our data, and we employ several technology solutions, including, but not limited to the insertion of random noise, to prevent data subjects from being identified. We also require our clients to report to us any data subject identification in the unlikely event it was to occur.
Our Platform does not render any results in locations deemed “sensitive” or where one could infer identity from locations associated with Sensitive Personal Information such as places of worship, gathering places indicative of race, sexual orientation, medical condition, citizenship or immigration status, or union membership.
Our Platform requires unique passwords to access. All data on the Platform has been anonymized prior to entry into the Platform. Additionally, we encrypt and hash all data at-rest and in-transit to provide a further level of security and to protect against intruders. We do not possess high value data, such as government issued identification information, financial institution access information, email addresses (even in hashed form like UID 2.0), or the like, and therefore there is less incentive for an intruder to target us.
How our Data Controllers source data put on our Platform:
Our Data Controllers fully comply with GDPR. In the event a data subject asks to be deleted (or otherwise withdraws consent), the Data Controller deletes that information from our Platform.
Intuizi has a Data Protection Officer and has a data governance framework in place that documents our policies and processes to show how we handle personal data to be GDPR and PECR compliant. We use record management controls and limit access to data via appropriately secure processes. We maintain a record of processing activities that we undertake internally and through outsourced sub-processors. We utilize Data Protection Impact and Legitimate Interest Assessments when applicable. Our employees receive ongoing data protection and privacy training and we have a policy in place to report data breaches. We have not experienced a data breach. We store anonymous data while the data source is a client, and delete such data when client ceases to be a client. We comply with all requests from our Data Controllers to delete data or otherwise comply with data subjects’ rights. We maintain records of all third party companies that we work with and any data we receive from them or that they process for us.
CCPA/CPRA (California) Compliance:
The drafting of California’s new privacy law (CPRA) is not final, and although it is supposed to go into effect on Jan 1, 2023, the California Privacy Protection Agency (CCPA) is literally still proposing language as to what the new regulations will require to be in Privacy Policies, Notices at Collection and third party and service provider agreements. Fortunately, the CPPA is far enough along in the drafting stage that we can say Intuizi’s existing process complies with what looks like will be California’s privacy law.
Intuizi has added a written contract requirement between our Data Controllers and any third party advertiser that uses Intuizi and wants to advertise directly to a Data Controller’s users using insights obtained as an Intuizi client. This “Third Party Contract” is designed to comply with CCPA regulations §§ 7053 and 7052 that govern sharing personal information (typically MAIDs or IP addresses) with third parties.