The Hedonist Group LLC Data Policy
This policy governs each website, mobile site, application, and/or other property or
service in all media (each, a “Website”) owned or provided by The Hedonist Group LLC
and its subsidiaries (“we,” “us,” or “our”) and it binds all those who access, visit and/or
use the Website, whether acting as an individual or on behalf of an entity, including
without limitation advertisers, creative and media buying agencies, analytics companies,
survey/research vendors, widget providers, and other service providers, and all other
entities that may collect digital content by any manner or medium whether now known or
hereafter developed (collectively, “you” or “your”). This policy shall apply equally to all
of your vendors, service providers, subcontractors, partners, agents, representatives, and
any other third parties acting on your behalf. Without limitation and for the avoidance
of doubt, this policy further applies to all vendors providing services to us.
This policy governs all data collected or received from the Website, by any means,
including without limitation via an advertising unit, widget, code (as defined below) or
other data collection process whether now known or hereafter developed, including
without limitation data that relates to usage of the Website, user behavior, and/or
analytics (collectively, “Data”).
The placement of your advertising on the Website, or your collection of Data, access,
visitation and/or use of the Website constitutes your agreement to this policy as well as
This policy may be modified from time to time in our sole discretion. Continued access of
the Website by you will constitute your acceptance of any changes or revisions to the
(1) You will not collect or use, or direct, authorize or assist other persons or entities to
collect or use, any Data, nor will you access or place any code, or direct, authorize or
assist other persons or entities to access or place any code, on the computer or device
operated by a user of the Website, including without limitation via actions such as cookie
synching, without our prior express written permission in each instance. As used
throughout this policy, “code” shall mean all pixel tags, cookies, clear gif, HTML, web
beacon, scripts and all other tracking technologies.
(2) Without limiting the generality of the foregoing: (a) no Data may be collected, used or
transferred for purposes of retargeting, behavioral remarketing, or targeting any
advertisements, segment categorization or any form of syndication which is related to
any Website, its content, or its users without our prior express written permission in
each instance; and (b) you may not place any code that collects Data or tracks user
activity on any Website without our prior express written permission in each instance.
(3) All Data collected is and will continue to be anonymous or you will immediately
anonymize such Data. You will not deliberately collect Data that is “personally
identifiable” or that constitutes “personal information” according to any applicable law,
regulation, or agreement to which you are a party, and to the extent such Data is
accidently collected, you will immediately securely delete or discard such Data. Without
limiting the generality of the foregoing, you do not and will not aggregate Data collected
into databases or engage in any other process that would result in the collation or
organization of the Data such that the Data in such combined form would provide
sufficient detail to enable the identification of individual users even if such Data was
originally collected anonymously.
(4) All Data is and will continue to be our exclusive property. You may only use the Data
in accordance with the agreement between us and you, subject to applicable
confidentiality provisions, and must be destroyed by you upon completion of the project
or termination of the Agreement, except as expressly set forth therein.
(5) Without limiting the generality of the foregoing, you will not use, resell or otherwise
distribute Data: (a) to retarget users outside of our Website, (b) in a manner that
competes with our advertising services (including, by way of example and not limitation,
by claiming to provide Data that identifies our users or users that “look like,” or share
characteristics of our users, without necessarily tagging them on the Website), (c) as
Data about, originating from or otherwise related to us, our customers, or the Website,
and shall not label, denote or refer to in any manner the Data as having been derived
from us or the Website, whether or not such Data contains any personally identifiable
information, or (d) combine Data with third party data to create a new audience profile.
(6) Specific guidelines applicable to cookies on the Website:
(a) The billable tracking cookie and rich media tags of any rich media served units must
be submitted to us for written approval prior to deployment and may not be
implemented on the back end of the rich media tag;
(b) All cookies must contain a functioning expiration date which occurs after the time of
(c) Unless we approve a later expiration date in writing, all cookies used in advertising
campaigns must expire on the date that the ad campaign ends and all other cookies must
expire no later than one (1) month after the date on which the cookie is stored; and
contains clear instructions on the process to opt-out of the services controlled by that
cookie. At our request, the domain owner shall provide us with a link to the applicable
(7) Pixel tags on the Website may not be used in non-standard IAB, OPA, added value, or
remnant online advertising units.
(8) You may not use Flash cookies, HTML storage or any forms of locally stored objects on
the computer or device operated by a user of the Website.
(10) No more than one asset may be loaded, unless we approve in writing. This includes
your 1 st party assets as well as any 3 rd party assets you may utilize. Specific guidelines
(a) may not perceptibly increase the overall page latency during loading;
(b) must be able to support 4000 requests per second with 100 milliseconds or less Time
to First Byte response and must fully load in 200 milliseconds or less;
(c) may only load after the online advertising unit itself loads using a “polite download”
(d) may only trigger a single DNS lookup;
(e) must return the correct MIME Content Type (e.g. image/gif for GIF images,
(f) may not be over 1 kilobyte in size unless we approve in writing; and
(g) must support TLS/HTTPS.
(10) Redirects are not permitted. Only direct requests can be made.
(11) You will not block or otherwise limit delivery of advertising for any reason related to
impression guarantees, verification or other targeting, without our express prior written
permission in each instance.
(12) We (and our representatives) shall have the right to inspect, review, and examine
your policies, procedures, practices, records, and systems to verify compliance with this
policy, provided that such inspection and review is conducted during reasonable business
hours with no less than five (5) business days’ prior notice.
(13) You do and will employ up-to-date, industry recognized “best practices” with respect
to technology and procedures to prevent and detect theft, piracy, leakage, unauthorized
access, copying, duplication or distribution of all Data.
(14) You will notify us of any actual or suspected breaches of security in connection with
Data as soon as practicable, but no later than one (1) week of discovery of such incident.
(15) Without limiting any of the foregoing, you hereby represent and warrant that you do
and will comply with all applicable international and U.S. federal, state, and local laws,
rules, regulations, legal orders or decrees and similar promulgations in connection with
your collection, use and distribution of Data, including without limitation the Children’s
Online Privacy and Protection Act (COPPA), the EU ePrivacy Directive, and FTC guidelines,
as well as laws or regulations limiting the types of Data that can be collected (e.g., health
information, credit scores etc.).
(16) You will provide a meaningful opportunity for users to opt-out from Data collection
and targeting by you and your affiliates and customers. Data collection must respect Do
Not Track headers.
(17) You will comply with the Self-Regulatory Principles for Online Behavioral Advertising
as promulgated by the Digital Advertising Alliance (“DAA”), which is explained in detail
atwww.AboutAds.info, to the extent such principles, or part thereof, are applicable to
your activities in connection with the Website.
(18) You will make reasonable efforts to use secure coding practices in the provision of
all services to us and in all interactions with our users or customers. Secure coding
practices means coding practices capable of meeting Level 2 of the most recent
Application Security Verification Standard (ASVS) published by the Open Web Application
Security Project (OWASP).
(19) You will not grant access to Data to any third party except a) on a need to know
basis in order to provide specific services to you; b) after conducting a reasonable
investigation of such third party; and c) upon entering a written agreement with such
third party which contains obligations which are at least as restrictive as the foregoing.
(20) Our failure to object to your action or inaction, or our prior express written
permission, in any instance does not and may not be deemed to constitute our opinion
that such action or action is in compliance with, or brings you into compliance with, this
policy or any applicable law, rule, regulation, legal order, or decree, and does not in any
circumstance relieve you of your obligations to comply in all respects with this policy.