Last Updated June 30, 2025
Overview
This Services Privacy Policy (“Services Privacy Policy”) explains how Nexxen (“Nexxen”, “we”, “us” or “our”) collects, uses, and shares “Personal Information” in connection with our digital advertising services.
This Services Privacy Policy applies to Personal Information we process as a “data controller” or a “business” and does not apply to information we handle on behalf of our Clients (i.e., when Nexxen acts as a “service provider” or “processor”). For terms related to Personal Information that we collect when you visit our website or if you are a Client please visit our Website Privacy Policy.
Nexxen operates a global advertising technology platform offering data-driven advertising solutions across websites, mobile applications, connected TV (“CTV”) platforms, linear television, and digital channels (collectively, “Digital Properties”) as part of our digital advertising services (the “Services”). Through integrated demand-side and supply-side platforms, proprietary data management tools, creative capabilities, and AI-powered technologies, Nexxen facilitates the connection of data, creative, and media across the buy and sell sides of the advertising ecosystem. Our Services support advertisers, agencies, publishers, and other partners (“Clients”) in delivering, optimizing, and measuring targeted advertising with greater efficiency and transparency. Our platform capabilities include real-time bidding, audience segmentation, cross-device identity resolution, and contextual and behavioral targeting, and ACR data licensing, conducted in compliance with applicable legal bases (e.g., user consent or legitimate interest) depending on jurisdiction.
We design our Services to support responsible data use and to comply with global privacy laws, including the General Data Protection Regulation (“GDPR”), California Consumer Privacy Act (“CCPA”), and similar laws.
Privacy Summary
Topic | What You Need to Know
|
What We Collect | Device data, browsing activity, location, ad interactions, demographics, and survey responses
|
Why We Collect It | To deliver relevant ads, measure performance, prevent fraud, and improve our services
|
How We Collect It | Through cookies, tracking technologies, third-party platforms, and client data integrations
|
Who We Share With | Service providers, ad partners, measurement vendors, and legal/regulatory authorities if required
|
Your Rights | Access, delete, correct, opt-out of sharing or selling, and restrict the processing of your data
|
How to Exercise Your Rights | Visit our privacy center
|
International Transfers | Data may be stored or transferred outside your region with appropriate safeguards
|
Data Retention | Data is retained only as long as needed for service delivery or legal reasons
|
Children’s Privacy | We do not knowingly collect data from children under 16
|
Summary: This section explains the categories of Personal Information we collect, where it comes from, and how we use it to deliver and improve our Services.
We collect and process Personal Information from a variety of sources to operate and improve our Services. Depending on how you interact with our platform, we may collect the following types of information:
Category
| Examples | Source of Personal Information
| Purpose |
Device and Location Data | Device type, operating system, IP address, general location | Device/browser or CTV apps via tracking technologies, Clients
| Service delivery, targeting, and fraud protection
|
Identifiers | IP address, mobile ad identifiers, hashed or obfuscated user identifiers (e.g., UUIDs, hashed email), probabilistic identifiers, and other device identifiers
| Tracking Technologies on Digital Properties | Recognizing users across platforms, advertising delivery, analytics |
Browsing and Interaction Data | Website/app interactions, timestamps, page views, clicks
| Website or app interaction | Engagement analysis, content personalization |
Viewing Data | The use of Automatic Content Recognition (“ACR”) technology to collect certain data from a Smart TV, including a Smart TV’s identifier, IP address, and viewed content and ads information (together “Viewing Data”)
| ACR-enabled Smart TVs | Deliver and measure personalized ads shown to you on a Smart TV or other linked devices belonging to you or your household |
Behavioral Data | User demographics (such as age, gender, income, marital status, or interests), user preferences, patterns, click and video interactions, and behavioral or interest-based data. We may also receive information from advertisers and advertising platforms to match the right advertisements to the appropriate audiences
| Inferred or third-party data partners, and Media Buyers inputs | Interest-based segmentation, campaign optimization |
Audience Segments | Aggregated groups like “sports fans” or “comedy viewers”
These are based on online activity, offline data (linked via hashed IDs) which may include demographic or health information. | Inferred from activity or provided by Clients. | Tailored advertising targeting, reach expansion |
Survey Data | Survey responses, device info, facial response data (if consented, analyzed via Affectiva technology) to gauge emotional responses during video viewing. You can opt out of webcam usage at any time. Data collected during surveys may be combined with other information or used to generate inferences; however, Personal Information is separated from the facial data unless you specifically opt-in.For more information, you can view Affectiva’s privacy policy.
| From voluntary surveys | Market research, creative optimization, and brand testing |
Offline/Online Transaction/ Conversion data | Purchase behavior to measure ad effectiveness.
| From advertisers or e-commerce events | Attribution, ROI measurement |
Summary: This section explains who we share Personal Information with, for what purposes, and under which lawful basis.
Categories of Personal Information Shared | How Personal Information is Used or Shared
| Category of Recipients | Lawful Basis |
Identifiers, Device and Technical Data (e.g., IP address, device type, browser type), Commercial Data (e.g., purchase behaviors)
| Used to deliver services, improve functionality, and monitor performance | Affiliates and Service Providers – organizations that process data on our behalf | Contractual necessity, Legitimate interests
|
Identifiers, Browsing Data, Geolocation Data, Viewing and Interaction Data, Demographic Segments
| Audience insight, ad targeting and measurement | Media Buyers | Consent, Legitimate interests |
Identifiers, Device and Technical Data, Demographic Segments
| Real-time bidding, platform delivery | Advertising Ecosystem Participants | Consent, Legitimate interests |
Viewing and Interaction Data, Browsing Data, Survey Responses
| Campaign measurement and audience analysis | Measurement Providers | Consent |
Commercial Data, Interaction Data, Identifiers
| Performance reporting and segmentation. | Attribution and Analytics Partners | Consent, Legitimate interests |
All categories, as necessary and limited to the transaction context | Corporate restructuring or acquisition | Business Transactions | Legitimate interests, Legal obligation |
All categories, legally required | Legal compliance and enforcement | Legal and Compliance | Legal Obligation |
Joint Controllership and TCF Consent Signals
We support industry initiatives for greater transparency and user control over the use of data for advertising purposes. This is the reason why we participate in the IAB Europe Transparency & Consent Framework (“IAB EU TCF”), comply to IAB EU TCF’s Specifications and Policies, and deliver advertisements in digital properties that deployed an IAB EU TCF-compliant consent and management platform. Our identification numbers within the IAB EU TCF is 36 for the supply-side platforms and 23 for the demand-side platform.
Summary: This section outlines how we use the Personal Information we collect.
Purpose | Use
| Lawful Basis |
Personalized Advertising/Targeted Advertising
| Delivering advertising to a defined audience | Consent |
Contextual Advertising | Showing ads relevant to content you view
| Consent |
Measurement and Reporting | Evaluating advertising effectiveness and managing frequency
| Consent |
ID Synchronization | Matching identifiers across platforms
| Consent |
Identity Graph Building
| Help our Clients to create “identity” graphs, to help locate users across various channels, such as based on common personal, device-based, or network-based identifiers (e.g., IP address). Users may opt out of this type of processing where required by law. We implement safeguards to prevent re-identification and limit the use of these graphs to advertising and measurement purposes only.
| Consent |
Audience Creation | Grouping users by interests and behaviors (like “sports fans” or “comedy lovers”)
| Consent |
Advertising Creative and Content Optimization | Analyzing viewer reactions and engagement
This data will not be used to identify or contact you or target or re-target relevant advertising or other content to you
| Consent
|
Location-Based Advertising | Tailoring advertising based on general location | Consent |
Product Improvement
| Improving current products and building new products and services, and to diagnose errors
| Legitimate Interest |
Security, fraud prevention, and fix errors, regulatory and legal compliance
| Preventing fraud, maintaining system integrity, and meeting legal obligations
| Legitimate Interest, Legal Obligation |
Statistical information | Creating anonymous or aggregated insights. We obtain this statistical information from commercially available sources (as permitted by law) such as our third-party service providers.
| Consent, or Legitimate Interest if fully anonymized |
Summary: This section outlines how users and partners can control the collection and use of Personal Information across our Services.
Industry Tools
You can use opt-out tools offered by industry organizations such as the Network Advertising Initiative (NAI), the Digital Advertising Alliance (DAA), the European Interactive Digital Advertising Alliance (EDAA)Digital Advertising Alliance (EDAA), and the Digital Advertising Alliance of Canada (DAAC).
Platform Tools
Control | What it Does | How to Use It
|
Browser Settings | Manage Tracking Technologies | Look under Privacy or Security settings in your browser
|
Device Settings | Control advertising identifiers | Find “Privacy” or “Ads” in your device settings
|
Smart TV Opt Out | Disable ACR | Look under the Settings of the Smart TV
|
To access and exercise your privacy preferences, including opting out of targeted advertising or data sale/sharing, managing consent, or submitting access or deletion requests, please visit our privacy center. We make no representation about the accuracy or effectiveness of other providers opt-out mechanisms, including those listed on the above industry websites.
Summary: This section clarifies our policy regarding children’s data.
We require Clients to avoid collecting or disclosing information from children under applicable legal age thresholds. We do not knowingly collect, use, or disclose information from children under the age of 16 (or the permitted legal age, where older). We comply with the U.S. Children’s Online Privacy Protection Act (COPPA) and take steps to prevent data collection from users under 13 without verified parental consent.
Summary: This section outlines how long we retain Personal Information.
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, as described in this policy, unless a longer retention period is required or permitted by law.
Category | Retention Period
|
Identifiers and tracking data | Cookies with defined expiration periods, including a standard 13-month expiration for European users.
|
Bidstream Data | 30 days
|
We apply internal retention schedules and deletion protocols to securely remove or de-identify Personal Information when no longer needed.
Aggregated and de-identified data, which no longer identifies individuals, may be retained for analytical and reporting purposes for up to two years or as permitted by law.
Summary: This section explains where we store and transfer your Personal Information, and the safeguards we use when data is moved across borders.
Your Personal Information may be stored and processed in jurisdictions including Australia, Canada, European Economic Area (EEA), India, Israel, Japan, Singapore, United Kingdom, United States, and for non-U.S. citizens, in Hong Kong. Data.
In the course of delivering our Services, your Personal Information may also be transferred to, and processed by, our service providers, Clients, and partners located in countries outside of your home jurisdiction, including outside the UK and EEA. These countries may have data protection laws that differ from, and may offer a lower level of protection than, those in your jurisdiction. Where such transfers occur and an adequacy decision has not been issued by the relevant authority (e.g., the European Commission or UK Secretary of State), we rely on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum. We also implement additional technical and organizational safeguards to ensure that your data is handled securely and in accordance with applicable data protection laws.
Summary: This section explains your data protection rights based on your location.
If you’re located in the European Economic Area (EEA), United Kingdom (UK), or Israel, you have the following rights regarding your Personal Information:
Jurisdiction
| Privacy Rights |
EEA | Access, Rectification, Erasure (Right to be Forgotten), Restriction of Processing, Data Portability, Objection, Withdrawal of Consent. Complaints can be lodged with the relevant Supervisory Authority.
|
UK | Same as EEA; lodge complaints with the UK Information Commissioner’s Office (ICO).
|
Israel | Access, Correction, Deletion (where justified), Objection to Use for Direct Marketing. Complaints can be lodged with the Israeli Privacy Protection Authority.
|
You can exercise these rights by visiting our privacy center.
If you have a concern about our processing of Personal Information, we encourage you to contact us so we can address your issue. However, if we are not able to resolve it, you have the right to lodge a complaint with the Data Protection Authority where you reside.
External EU and UK Data Protection Officer: ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Burchardstraße 14, 20095 Hamburg, Germany
Summary: This section describes how we protect your Personal Information using technical and organizational security measures.
We take appropriate technical and organizational measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data we collect and store. These may include internal audits, role-based access controls, logical data segregation, security logging and monitoring, network security and other security measures.
Summary: This section outlines your privacy rights under U.S. state laws, including how to access, delete, or opt out of the sale or sharing of your Personal Information.
Depending on your state of residence, you may have specific rights to your Personal Information including the right to request access to, deletion and correction of, an opting out of the sale or sharing of, your Personal Information. This Section applies if you are a natural person who is a resident of California, Colorado, Connecticut, Delaware, Iowa, Florida, Montana, New Hampshire, Nebraska, New Jersey, Oregon, Texas, Utah, Virginia, or another U.S. state with applicable privacy laws (“Consumer”), when we act in the capacity as a “business” or “controller” as defined by the laws of such states.
The following sets forth the categories of information we collect and purposes for which we may use Consumers’ personal information. (Examples provided for each category are merely examples found in the statute, and do not indicate that we necessarily collect that type of information or identifier).
a. Categories of Consumer Personal Information We Collect and Use
Depending on how you interact with us, we may collect Personal Information about you. The table below reflects categories of Personal Information under CCPA and also describes how we collect and use such categories of information.
Categories of Personal Information | Examples | Categories of Sources | Business Purpose |
Internet or other electronic network activity | Browser and device information, operating system, IP address, IP address, and browsing history
| Through automated means such as cookies and other data collection tools when you visit a digital property that uses our advertising services technology. | Providing our advertising and related services such as campaign measurement and data marketing. |
Commercial or transactions information | Products or services purchased, obtained, or considered, or other purchasing or consuming histories or preferences | Through automated means such as cookies and other data collection tools when you visit a digital property that uses our advertising services technology. | Providing our advertising and related services such as campaign measurement and data marketing. |
Geolocation data | General Geolocation data | Through automated means such as cookies and other data collection tools when you visit a digital property that uses our advertising services technology. | Providing our advertising and related services such as campaign measurement and data marketing. |
Inferences drawn from Personal Information | Consumer information, lifestyle or purchasing preferences | Through automated means such as cookies and other data collection tools when you visit a digital property that uses our advertising services technology. | Providing our advertising and related services such as campaign measurement and data marketing. |
Internet or other electronic network activity | Browser and device information, operating system, IP address, IP address, and browsing history | Clients and third-party aggregators | Providing our advertising and related services such as campaign measurement and data marketing. |
Geolocation data | General geolocation data | Clients and third-party aggregators
| Providing our advertising and related services such as campaign measurement and data marketing. |
Characteristics of protected classifications | Gender, age, race
| Clients and third-party aggregators
| Providing our advertising and related services such as campaign measurement and data marketing. |
Identifiers | Client or third party provided identifiers | Clients and third-party aggregators
| Providing our advertising and related services such as campaign measurement and data marketing. |
Inferences drawn from Personal Information | Consumer information, lifestyle or purchasing preferences | Clients and third-party aggregators
| Providing our advertising and related services such as campaign measurement and data marketing. |
Professional or employment-related information | Current or past job history or job title
| From you directly when you provide such information or through automated means such as cookies and other data collection tools when you visit our digital properties. | Business operations |
Internet or other electronic network activity information | Browser and device information, operating system, IP address, IP address, and browsing history
| From you directly when you provide such information or through automated means such as cookies and other data collection tools when you visit our digital properties. | Business operations |
Identifiers | Name, address, contact Information | From you directly when you provide such information or through automated means such as cookies and other data collection tools when you visit our digital properties. | Business operations
|
b. Our Business for Selling and Sharing Personal Information
As defined in CCPA, we may share and sell the information collected from and about you as discussed above for various business purposes, with service providers and with third parties including our Clients, advertising platforms, and those advertising platforms’ customers. These business purposes often involve cross-context behavioral advertising, also known as “targeted” advertising. ”Selling” and “Sharing” information are defined under California privacy laws (but not necessarily other states’ privacy laws) and includes using (or permitting others to use) the information we collect for cross-context or “targeted” advertising.
We collect and share the personal information that we collect for the purposes below and as described in this Services Privacy Policy.
Online Advertising & Targeting
Internal Business Uses
Sharing Personal Information
c. Our Retention of Personal Information
We retain personal information as a “business” or “controller” under applicable state privacy laws if it is relevant and useful for purposes of our products and services or we have a legal or compliance reason to do so, and provided the information is not subject to a valid request for deletion. We may retain information after deletion where legally permitted or required for legal compliance, auditing, or accounting.
d. Your Privacy Rights and Choices
As noted above, residents of certain U.S. states have particular privacy rights (“Applicable State Residents”). The scope and nature of these rights vary in each state, so we have sought to explain these rights in the most transparent and uniform terms, below.
Without being discriminated against for exercising these rights, California residents, as well as residents of the Applicable States, have the right to request that we disclose what Personal Information we collect from you, to delete that information, and to opt-out of the sale of your personal information, subject to certain restrictions. If you are a resident of such a state, you also have the right to designate an authorized agent to exercise these rights on your behalf (so long as your state of residence continues to recognize that right).
This section describes how to exercise those rights and our process for handling those requests. We may withhold these rights to the extent that the law in your state of residence does not recognize or no longer recognizes these rights.
Note that sometimes, we act only as a “service provider” or “processor” to our customers (for instance, if they provide information to us solely to use our marketing or data management tools), in which case any consumer requests for opt-out, deletion or access to data must be made through that Client.
1. The right to access, correction and disclosure
You may have the right to request, twice during a twelve-month period, the following information about the personal information we have collected about you during the past 12 months:
You also may request correction of your personal information, such as if you believe we have incorrect information pertaining to you.
2. The right to deletion
You may have the right to request that we delete the personal information we have collected from you. Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide our Services to you, and may retain certain information for important business purposes, such as fulfilling our legal obligations, or for security, auditing or de-bugging purposes.
3. How to exercise your access and deletion rights
California residents and residents of Other Applicable States may exercise their access or deletion rights by accessing our privacy center.
For security purposes, we will verify your identity in part by requesting or automatically capturing certain information from you when you request to exercise your applicable privacy rights. For instance, you may need to provide your email address. To request that we provide you with the specific pieces of personal information we have from you or to delete personal information we have collected from you, we may also need to ask you for additional information to verify your identity. Once we have verified your identity (and your agent, as applicable), we will respond to your request as appropriate.
If we are unable to complete your requests fully for any of the reasons above, we will provide you additional information about the reasons that we could not comply with your request.
4. The right to nondiscrimination
We will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.
5. The right to “opt-out” of the sale of your personal information
You have the right to opt out of the “sale” of your personal information. California law (for instance) broadly defines sale such that it may include, for example, allowing third parties to receive and use certain information, such as Tracking Technologies, IP address and/or browsing behavior, to deliver targeted advertising.
If you wish to “opt out” of our “sale” of your information, i.e., for purposes of personalized advertising, we recommend employing the options we provide and explain in Section 6. Please visit our privacy center to exercise your opt-out rights.
6. Authorized Agent
You may also designate an authorized agent to make requests to exercise your rights, where applicable state law (such as the CCPA) permits you to do so. In such case, we will take steps both to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf through providing us with a signed written authorization or a copy of a validly executed power of attorney.
7. Right to Appeal
In some states you have a right to appeal our decision about how or whether we honor your privacy rights request(s). In the event that we inform you that we will not, or believe we cannot, honor a particular consumer request (for instance, if we have determined we cannot verify your identity, or if we believe you are not entitled to the scope of deletion you request), and you live in such a state, you may appeal our determination via our privacy center.
8. Annual Data Requests
The table below sets forth additional privacy disclosures with respect to our processing of data subject rights requests. Between January 1, 2024 and December 31, 2024, across the United States, we processed the following data subject requests of consumers:
Request Type | Number Received | Number Complied with in Whole or Part | Number Denied* | Median Response Time in Days* | Mean Response Time in Days* |
Access | 89 | 38 | 51 | 19 | 18 |
Delete | 67 | 66 | 1 | 21 | 29 |
Opt-Out | 140 | 62 | 78 | 7 | 7 |
* Indicates maximum response time based on fulfillment across all states.
e. Texas Data Broker Disclosure:
Nexxen is registered as a Data Broker with the Texas Secretary of State, as required by Texas law. For additional information visit https://www.sos.state.tx.us/index.shtml
f. California “Shine the Light” Law
California’s “Shine the Light” law (Cal. Civ. Code § 1798.83) permits California residents to request and receive, once per calendar year and free of charge, information about our sharing of your personal information (if any) with third parties for their own direct marketing use. Nexxen does not share your personal information with third parties for their own direct marketing purposes.
If you need to reach us, please email privacyrights@nexxen.com. Our corporate headquarters are located at 82 Yigal Alon St. 13th Floor Tel-Aviv, 6789124 Israel.
We may update this Services Privacy Policy from time to time to reflect legal, technical, or operational changes. Any updates will become effective when posted, unless a different effective date is required by applicable law.
The “Last Updated” date at the top of this Policy reflects the most recent revision.
