How to use the Menarlo Privacy Centre
Our Privacy Centre provides Information about UK, European, California and other US state privacy rights, together with instructions for submitting a request.
Cookie Notice
This notice explains how Menarlo uses cookies and similar technologies on its website and online services.
Us Privacy Rights
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Data Requests
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
personal Information
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Our commitment to responsible data usage
Privacy by design
Privacy considerations form part of how we assess, onboard, develop, distribute and manage data products. We evaluate the purpose of the data, its origin, the permissions associated with it, the identifiers involved, the intended use cases and the organisations that may receive it.
Data minimisation
We seek to process only the information reasonably required for a defined and legitimate purpose. Where a product can operate using pseudonymous, aggregated or de-identified information, we favour those formats over directly identifying information.
Transparency and control
We provide information about our processing activities and support applicable rights to access, correct, delete, restrict or object to processing. We also provide mechanisms through which individuals can opt out of relevant advertising, sale, sharing or targeted-advertising activities.
Accountable partnerships
We expect data owners, suppliers, platforms and service providers to meet appropriate privacy and security standards. Our onboarding and contracting processes are designed to establish permitted uses, responsibilities, restrictions, security requirements and procedures for responding to privacy requests.
Purpose limitation
Data should be used for clear, documented and permitted purposes. We prohibit the use of our data products for unlawful discrimination, harmful targeting or decisions about employment, housing, credit, insurance, healthcare eligibility or other similarly significant matters unless the use has been expressly approved and is supported by an appropriate legal basis.
How Menarlo works with data
Menarlo and its group companies help partners prepare and commercialise data through services that may include:
- assessing and onboarding data sources;
- reviewing provenance, permissions and permitted uses;
- organising data into useful taxonomies and audience segments;
- standardising, enriching, matching or pseudonymising data;
- preparing data for distribution through approved technology partners;
- making data available through platforms and data marketplaces;
- supporting audience activation, enrichment and measurement;
- monitoring usage, quality, permissions and commercial performance;
- managing opt-outs, suppression requirements and privacy requests; and
- supporting data governance, documentation and compliance.
The precise role played by Menarlo depends on the service, contractual arrangement and data flow. Menarlo or the relevant Menarlo group company may act as:
A controller, where we determine why and how personal information is processed;
A joint controller, where those decisions are made together with another organisation; or
A processor or service provider, where we process information on documented instructions from a customer or partner.
Where another company controls the information, its own privacy notice will also apply.
The information we may process
The information processed by Menarlo depends on how an individual, customer, supplier or partner interacts with us.
Business and contact information
This may include:
- name;
- business email address;
- business telephone number;
- job title;
- employer or organisation;
- professional profile;
- correspondence and meeting information;
- account, contract and billing details; and
- preferences relating to communications.
Website and technical information
When someone visits our website or interacts with our online services, we may process:
- IP address;
- browser and device type;
- operating system;
- language and time-zone settings;
- website activity;
- referral source;
- pages viewed;
- dates, times and duration of visits;
- cookie and consent preferences;
- security and diagnostic information; and
- identifiers generated through cookies or similar technologies.
Pseudonymous advertising and audience information
Depending on the product or service, we or our partners may process information connected to pseudonymous identifiers, including:
- cookie identifiers;
- mobile advertising identifiers;
- connected television or device identifiers;
- pseudonymous user, household or platform identifiers;
- hashed or otherwise transformed contact identifiers;
- IP-derived information;
- broad or approximate location;
- website, application or media interactions;
- advertising impressions and engagement;
- content interests;
- purchase or intent signals;
- demographic or lifestyle attributes;
- audience membership;
- inferred interests, characteristics or preferences;
- consent strings and privacy signals; and
- opt-out or suppression records.
Pseudonymous information can still qualify as personal data or personal information under applicable law. We therefore apply privacy and security controls even where the information does not directly identify someone by name.
Customer, supplier and partner information
We may process information required to evaluate, onboard and manage commercial relationships, including:
- company and ownership details;
- authorised representatives;
- commercial terms;
- invoices and payment records;
- compliance documentation;
- data-source information;
- technical integration details;
- platform credentials;
- audit records;
- due-diligence responses; and
- communications concerning the relationship.
Sensitive or specially protected information
Some laws give additional protection to information concerning matters such as health, ethnicity, religious or philosophical beliefs, political opinions, sexual orientation, precise geolocation, biometric identifiers or children.
Menarlo applies enhanced review and controls where a proposed data source or use may involve sensitive or specially protected information. Such information may only be processed where the activity is lawful, transparent, appropriately documented and supported by any consent or other legal condition required by applicable law.
We do not permit customers to use Menarlo data products to make unlawful or discriminatory decisions about individuals.
Where information comes from
We may obtain information:
- directly from individuals who contact us, use our website, attend an event or enter into a business relationship with us;
- from data owners and data suppliers;
- from publishers, application providers, retailers, media owners and other organisations that have a direct relationship with individuals;
- from advertising platforms, marketplaces, identity providers and technology partners;
- from customers, agencies and brands;
- from cookies and similar technologies used with the required notices and choices;
- from publicly available business and professional sources;
- from analytics, security and technical service providers; and
- through the combination, matching or modelling of permitted data sources.
We require partners to provide appropriate assurances concerning data provenance, transparency, permissions, lawful processing and the rights they have to provide or make data available.
Why we process information
Operating our website and business
This includes responding to enquiries, arranging meetings, providing requested information, managing accounts, administering contracts, issuing invoices and maintaining business records.
Evaluating and onboarding partners
We assess prospective data owners, suppliers, customers and technology partners to understand their services, data sources, technical capabilities, permissions, compliance arrangements and security standards.
Developing and managing data products
We may organise, standardise, match, analyse, model, segment, pseudonymise, aggregate or otherwise prepare permitted information so that it can be used for approved commercial purposes.
Audience activation and enrichment
Approved audience or data products may be made available through advertising platforms, marketplaces, data clean rooms, identity environments and other authorised destinations. These products may help customers understand audiences, enrich existing data, reach relevant groups and measure campaign performance.
Reporting, analytics and quality assurance
We use information to monitor integrations, assess data quality, measure reach, produce usage reports, reconcile commercial activity, identify technical issues and improve products and services.
Communications and marketing
We may send relevant business communications about Menarlo’s services, events, partnerships and industry developments. Recipients can unsubscribe from marketing communications at any time.
Security and fraud prevention
We process information to protect systems and data, control access, investigate suspicious activity, prevent misuse and maintain appropriate technical and organisational safeguards.
Compliance and legal obligations
We may process information to maintain compliance records, respond to privacy requests, honour consent and opt-out signals, investigate complaints, enforce contracts, establish or defend legal claims and comply with lawful requests from authorities.
Corporate activity
Information may be reviewed or transferred as part of a proposed or completed investment, financing, restructuring, merger, acquisition or sale, subject to appropriate confidentiality and data-protection measures.
Our lawful bases under UK and European data-protection law
Where the UK GDPR or EU GDPR applies, our lawful basis depends on the specific processing activity.
Consent
We may rely on consent where an individual has made a clear and informed choice, including for certain cookies, electronic marketing communications or advertising-related processing.
Consent can be withdrawn at any time. Withdrawal will apply to future processing and will not affect processing that was lawful before consent was withdrawn.
Legitimate interests
We may rely on legitimate interests where processing is reasonably necessary for a legitimate business purpose and those interests are not overridden by an individual’s rights and freedoms.
These interests may include:
- operating and securing our business;
- responding to business enquiries;
- managing professional relationships;
- preventing fraud and misuse;
- improving services;
- maintaining suppression and opt-out records;
- producing aggregated reporting; and
- developing and distributing responsibly governed data products.
Where legitimate interests are used, we assess the purpose, necessity and possible impact on individuals and apply safeguards appropriate to the circumstances.
Contract
We process information where necessary to enter into or perform a contract, including customer, supplier and partner agreements.
Legal obligation
We process information where necessary to comply with tax, accounting, regulatory, privacy, law-enforcement or other legal obligations.
Establishing, exercising or defending legal claims
Where applicable, information may be retained or used to protect legal rights, resolve disputes or defend claims.
Further information about transparency obligations and the right to be informed is available from the ICO.
Consent and privacy signals
Information used in advertising and data activation may carry technical signals that communicate an individual’s consent, objection or opt-out preference.
Where relevant to our role, we expect partners to:
- provide legally required notices;
- obtain consent where consent is required;
- record and transmit consent or privacy signals accurately;
- allow people to withdraw consent or object;
- pass updated preferences through the data supply chain; and
- stop or restrict processing when a valid preference requires it.
Where appropriate, we use suppression controls to help prevent identifiers associated with a valid opt-out request from being reintroduced into the same processing activity.
[OPTIONAL — INCLUDE ONLY WHEN OPERATIONALLY CONFIRMED] Menarlo supports recognised industry transparency and consent frameworks, including the IAB Europe Transparency and Consent Framework, where relevant to the data flow.
How we share information
Menarlo group companies
Information may be shared within the Menarlo group where required to deliver services, administer the business, manage relationships and maintain consistent privacy and security controls.
Data owners and suppliers
We may exchange reporting, quality, usage, privacy and technical information with the organisations that provide data or make it available.
Platforms and marketplaces
Data products may be distributed through authorised demand-side platforms, data marketplaces, clean rooms, identity providers, customer data platforms, data-management platforms, connected television environments and other activation destinations.
Agencies, brands and other customers
Customers may access audience segments, insights, activation capabilities or other data products in accordance with their contracts, platform terms and applicable law.
Technology and service providers
We use providers that support hosting, storage, security, analytics, communications, customer management, payment processing, professional services and technical integrations.
Professional advisers
Information may be shared with lawyers, accountants, auditors, insurers, consultants and other professional advisers where reasonably necessary.
Authorities and legal recipients
We may disclose information where required by law, court order or a valid request from a regulator or public authority, or where necessary to protect rights, property, safety or security.
Corporate transaction participants
Information may be disclosed to potential investors, purchasers, sellers, lenders or advisers involved in a corporate transaction, subject to appropriate protections.
We use contracts and other safeguards to define permitted purposes, confidentiality, security requirements, onward-transfer restrictions, deletion responsibilities and support for individual rights.
International data transfers
Menarlo works with organisations and technology providers in multiple countries. Information may therefore be accessed, stored or processed outside the country in which it was originally collected.
Where UK or European personal data is transferred internationally, we use an applicable transfer mechanism, which may include:
- a finding that the destination provides an adequate level of protection;
- the European Commission’s Standard Contractual Clauses;
- the UK International Data Transfer Agreement;
- the UK Addendum to the EU Standard Contractual Clauses;
- approved certification or contractual mechanisms; or
- another legally recognised safeguard.
Where required, we assess the circumstances of the transfer and consider supplementary technical, contractual or organisational measures.
Read the European Commission’s guidance on international data transfers and its Standard Contractual Clauses.
Data security
We maintain technical and organisational measures designed to protect information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, misuse or access.
Depending on the nature of the information and service, these measures may include:
- access controls based on business need;
- identity and authentication controls;
- encryption in transit and, where appropriate, at rest;
- network and system monitoring;
- logging and audit trails;
- separation of customer and partner environments;
- pseudonymisation and aggregation;
- secure development and change-management practices;
- vulnerability and incident-management procedures;
- supplier security reviews;
- confidentiality obligations;
- staff awareness and training; and
- business-continuity and recovery arrangements.
No system can guarantee complete security. We continually review our controls and respond to changes in technology, risk and legal requirements.
Data quality
We take reasonable steps to help ensure that information is appropriate for its intended purpose.
Our processes may include:
- reviewing the source and age of data;
- assessing coverage and accuracy;
- validating formats and taxonomies;
- identifying duplication or anomalies;
- monitoring usage and performance;
- applying refresh and expiry rules; and
- enabling correction, suppression or deletion where required.
Audience attributes and inferred interests describe probabilities or group characteristics. They should not be treated as definitive statements about a particular individual.
Data retention
We retain information only for as long as reasonably necessary for the purpose for which it was collected, including legal, contractual, accounting, security and compliance requirements.
Retention decisions take account of:
- the type and sensitivity of the information;
- the purpose of processing;
- the duration of the customer or partner relationship;
- contractual requirements;
- applicable limitation periods;
- legal and regulatory obligations;
- the risk associated with continued retention; and
- whether the information can be aggregated, anonymised or deleted.
The principal retention periods used by Menarlo are:
Website enquiries and general correspondence: [INSERT RETENTION PERIOD]
Customer and partner relationship records: [INSERT RETENTION PERIOD]
Contracts, invoices and accounting records: [INSERT RETENTION PERIOD]
Pseudonymous audience and activation data: [INSERT RETENTION PERIOD OR EXPLAIN PRODUCT-SPECIFIC RETENTION]
Consent, objection and opt-out records: [INSERT RETENTION PERIOD]
Security and technical logs: [INSERT RETENTION PERIOD]
Unsuccessful supplier or partner due-diligence records: [INSERT RETENTION PERIOD]
Information may be retained for longer where required by law, reasonably needed for a dispute or held in a restricted suppression record so that a privacy preference continues to be honoured.
At the end of the applicable period, information is deleted, anonymised or securely isolated from ordinary use.
Profiling and automated processing
Some data products may involve profiling. Profiling can include analysing pseudonymous signals and assigning an identifier to an audience group based on observed, declared, modelled or inferred characteristics.
Examples may include broad interests, purchase intent, media preferences, lifestyle attributes or likely demographic characteristics.
Menarlo data products are intended to support advertising, audience insight, activation and measurement. They are not designed to make solely automated decisions that produce legal or similarly significant effects on individuals.
We prohibit the use of Menarlo products for unlawful eligibility or high-impact decisions concerning matters such as:
- employment;
- credit or lending;
- housing;
- insurance;
- healthcare access;
- education admissions;
- essential services; or
- criminal justice.
Where applicable law gives an individual rights relating to profiling or automated decision-making, those rights can be exercised through our privacy-request process.
Children’s privacy
Menarlo’s website and services are directed towards businesses and professional users.
We do not knowingly seek to collect or commercialise personal information from children. Data partners are expected to identify and comply with age-related restrictions and obtain any parental authorisation or affirmative consent required by law.
Where we discover that children’s information has been provided or processed contrary to our requirements, we will take appropriate steps to restrict or delete it.
We do not knowingly sell or share the personal information of consumers under 16 without the affirmative authorisation required by California law.
Our expectations of partners
Data protection is a shared responsibility across the data supply chain.
We expect organisations working with Menarlo to:
- collect and use information lawfully, fairly and transparently;
- maintain accurate records of data sources and permissions;
- provide required privacy notices;
- obtain valid consent where required;
- transmit consent and opt-out signals accurately;
- honour withdrawal, objection, deletion and suppression requirements;
- limit data to permitted purposes;
- apply appropriate security controls;
- restrict onward disclosure;
- avoid unlawful discrimination or harmful targeting;
- cooperate with privacy investigations and requests; and
- notify us promptly of incidents that may affect Menarlo data or services.
We may suspend or terminate access where we identify a material privacy, security or contractual concern.
Governance and accountability
Our privacy-governance programme may include:
- documented data inventories and processing records;
- supplier and partner due diligence;
- data-protection impact assessments where required;
- legitimate-interest assessments;
- data-processing and data-sharing agreements;
- transfer assessments;
- retention and deletion procedures;
- individual-rights procedures;
- incident-response plans;
- security and privacy training;
- product and use-case reviews; and
- periodic review of suppliers and controls.
We update our approach as laws, regulatory guidance, technologies and industry practices develop.
Additional privacy documents
This Data Protection and Privacy page provides an overview of Menarlo’s approach.
More detailed information may be available through:
Do Not Sell or Share My Personal Information
[CREATE AND LINK: SUPPLIER AND PARTNER PRIVACY NOTICE]
Where there is a conflict, the privacy notice applying to the specific Menarlo entity, product, contract or interaction will govern.
Contact Menarlo
Questions about this page or our privacy practices can be sent to:
Privacy team
Email: [INSERT PRIVACY EMAIL ADDRESS]
Data Protection Officer or privacy lead
[INSERT NAME OR ROLE, IF APPLICABLE]
Menarlo legal entity
[INSERT FULL LEGAL ENTITY NAME]
[INSERT COMPANY REGISTRATION NUMBER]
[INSERT REGISTERED ADDRESS]
[INSERT COUNTRY]
UK representative
[INSERT DETAILS IF REQUIRED]
European Economic Area representative
[INSERT DETAILS IF REQUIRED]
Changes to this page
We may update this page to reflect changes to our services, processing activities, legal obligations or regulatory guidance.
Material changes will be highlighted where appropriate. The current version will always show its effective date.
Effective date: [INSERT DATE]
Last updated: [INSERT DATE]