Who we are and how to contact us
We are Mantis, an ad tech company proudly part of ReachPLC. Our address is: Reach Plc, One Canada Square, Canary Wharf, London E14 5AP. The Reach Plc Privacy Notice is here.
When working with our client partners, Reach Shared Services is the “data processor” as defined by the EU General Data Protection Regulation for the Personal Data collected through our Websites. When utilised on Reach owned and operated sites, Reach Shared Services is the “data controller”.
For all queries, including but not limited to data usage, data privacy, and any concerns or questions you might have, please contact us via email at: dataprotection@mantissolutions.com
We are committed to addressing your concerns promptly and thoroughly, ensuring that your experience with Mantis is both secure and transparent.
About this Privacy Notice
This Privacy Notice describes the kinds of information we hold, what we do with it, and why.
It applies to our client partners who utilise our services and describes the way we use, collect and share data as part of delivering our services.
Mantis offers a range of products, with plans to develop more in the future. Our services currently focus on brand safety and contextual analysis by gathering non-personal data, such as content from across ReachPLC and our publisher partners. This data helps us create segments and inform content recommendations.
This Privacy Notice was last updated on 18/07/2024. We may update this Privacy Notice from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes. Where changes are material, we may also notify you of them by email.
Clients site data, to deliver our services
In the instances where our products use personal data our processing of personal data is grounded in the consent mechanism within the Transparency and Consent Framework (TCF). We rely on our publisher partners to collect consent on our behalf through their Consent Management Platforms (CMPs) on their pages. This consent allows us to at their instruction act as their processor and use the gathered data for ad targeting, enabling us to customise ad delivery locations, frequencies, and the systems responsible for their delivery.
To enable this content processing, we share some publisher content with AI partners, specifically IBM Watson. We prioritise privacy by having opted out of IBM Watson AI model training use of our, or our publishing partners data. Focusing instead on fine-tuning and adjusting our own Mantis models.
When you use a Mantis Product
The data we collect and what we do with it
We collect the information that is necessary to conduct our business, to provide the services you have requested and to keep you informed. We will collect and process your personal data in accordance with this privacy notice and any other agreement that we may have with your business.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data: including first name, last name, username or similar identifier, title.
- Contact Data: including billing address, email address, and telephone numbers.
- Financial Data: including bank account and payment card details (we only use this data for payment processing purposes).
- Transaction Data: including details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data: including IP address, your login data, traffic data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other communication data which gives us information about how you accessed our website.
- Profile Data: including your username and password, purchases or orders made by you.
- Usage Data: including information about how you use our website, products and services.
- Marketing and Communications Data: including your preferences in receiving marketing from us and your communication preferences.
We do not hold any "special category" data about you (such as data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union memberships, data about your health and genetic and biometric data).
We collect personal information related to you, your employees, and your representatives when you decide to interact with us or enter into a contract with us. We also look at how you interact with our websites so that we can offer you the best possible experience.
We use your data to:
- Verify your identity and entitlements to our products and services when you contact us or access our services.
- Protect you from fraud prevention and detection.
- Supply services to you.
- Send statements and invoices to you, and collect payments from you.
- Provide commercial quotes to you.
- Enable statistical analysis (e.g. on the use of our websites).
- Operate and improve our websites and services.
- Supply services to you and manage your subscriptions.
- Notify you of any changes to our websites or our services and products which may affect you.
- Provide you with technical and customer support.
- Enforce our legal rights or comply with legal requirements.
- Send newsletters and marketing where you have signed up to receive it.
- Send service emails such as notifications, alerts, receipts, confirmations etc. that we may need to send to you as a user of our services.
Our legal basis
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where we need to comply with a legal or regulatory obligation.
- Where it is in our legitimate interests, including our commercial interests in operating the Mantis customer facing platforms, and providing you with access to our products.
- We make sure that we consider and balance any potential negative impact on you and your rights before we process your personal data.
- Where you have signed up to receive Mantis marketing, news and updates we rely on your Consent.
- When we send a Service communication we do not rely on consent to send these messages since they broadly comprise communications which we will send in connection with the provision of our services to you. For example; the purchase of a product or subscription to a Mantis product.
When you use Mantis for Brand Safety
Mantis for brand safety is based on page-level data. It does not gather any personal information or any persistent identifiers that could be linked to a person. All of the data is based on the text of an article and is linked to an article ID or a URL.
The data we collect and what we do with it:
- Data Collected: Text of an article, article ID, URL.
- Usage: Analyse the content to deliver relevant advertisements.
We do not collect or process personal data as part of the operations of the Brand Safety and or Contextual Advertising products.
When you use Mantis for Contextual Advertising
Mantis for contextual advertising is based on page-level data. It does not gather any personal information or any persistent identifiers that could be linked to a person. All of the data is based on the text of an article and is linked to an article ID or a URL.
The data we collect and what we do with it:
- Data Collected: Text of an article, article ID, URL.
- Usage: Analyse the content to deliver relevant advertisements.
We do not collect or process personal data as part of the operations of the Brand Safety and or Contextual Advertising products.
When you use Mantis Curate
Mantis Curate builds targeted segments for contextual advertising based on page-level data. Mantis Curate works within the Xandr curation platform, which gathers information such as IP address and geolocation to effectively deliver contextual advertising. Mantis page-level segments are used in conjunction with this targeting to deliver contextually relevant ads.
The data we collect and what we do with it:
- Data Collected by Mantis Curate: Page-level data.
- Usage: Create targeted contextual segments for advertising. - Data Collected by Xandr Curation Platform: IP address, geolocation.
- Usage: Effectively deliver advertising by combining this data with Mantis page-level segments to deliver contextually relevant ads.
Our legal basis
- Legal Basis: Consent and the Transparency and Consent Framework (TCF) gathered under the name of Xandr. Mantis will also be gathering consent under the TCF framework where Mantis is processing personal data.
How long we keep it for
- Retention Period: As per the Xandr terms and conditions.
Who we share it with and why?
- Data Sharing: This data is not shared with anyone outside the Xandr platform.
When you use Mantis to Recommend Articles on Site (Mantis Recommender)
The Mantis Recommender uses page-level data to suggest articles based on the content a user is currently reading. For advertising integrated into Mantis Recommender, data like IP address and other online identifiers are also collected via third-party DMPs (Data Management Platform).
The data we collect and what we do with it
- Data Collected for Recommending Articles: Text of an article, article ID, URL.
- Usage: Suggest related articles based on the current article content. - Data Collected for Advertising: IP address, broad geolocation, and potentially persistent identifiers via third-party DMPs (Data Management Platform) for ad delivery.
- Usage: Deliver relevant advertisements and facilitate the sale of ad units through SSPs.
Our legal basis
- Recommending Articles: We do not collect or process personal data as part of the operations of the Recommender Product.
- Legal Basis for Advertising: Consent managed under the Transparency and Consent Framework (TCF).
How long we keep it for
- Retention Period for Recommended Articles: Data on recommended articles and page-level data is retained for as long as needed.
- Retention Period for Advertising: Data kept for the purposes of delivering advertising is retained by our SSP partners as per their terms and conditions.
Who we share it with and why?
- Data Sharing: Our SSP partners share data with us, as their processor, so we can effectively deliver ads using their systems and services. We only store that data within their systems, which we are using as part of our contracted usage of their services.
When you use the Mantis Suggest Dashboard
The Mantis Suggest Dashboard links page-level Mantis data with additional engagement information, such as data from Google Analytics or Amplitude, to provide insights for content optimisation.
The data we collect and what we do with it
- Data Collected: Page-level Mantis data, engagement metrics (dwell time, engagement, clicks) from sources like Google Analytics or Amplitude transferred to us from our clients.
- Usage: Provide insights and suggestions for content creation and optimisation.
Our legal basis
- Legal Basis: Will be determined by our Publishing Partners CMP and therefore may be consent or legitimate interest, depending on the data source (e.g., Google Analytics, Amplitude).
How long we keep it for
- Retention Period: Data is retained in the dashboard for as long as feasible, either limited by storage costs or data privacy requirements.
Who we share it with and why? - Data Sharing: Data will remain within the dashboard, and data will not be exportable.
International transfers of your personal data
When you provide information to us, or interact with our products and services we may transfer your personal information to our group companies and processors who are based in a country other than your country of residence. For example, if you are a UK citizen you may find your data is processed by a supplier or service based outside the UK or EEA, such as in the United States. If such a transfer requires us to apply additional safeguards to your personal information under, for example, UK or European data protection laws, we will do so.
These steps may include implementing the UK’s International Data Transfer Agreement clauses or European Commission’s Standard Contractual Clauses, with additional UK-specific clauses for transfers of personal information to our service providers and business partners. Alternatively we will ensure the third parties we work with will offer an adequate level of protection by meeting the legally agreed requirements of the EU-US Data Privacy Framework, and the UK extension, as appropriate.
To the extent applicable, we may rely on derogations as set forth in Article 49 of the GDPR for the transfer and onward transfer of personal information collected from individuals in the UK or EEA to the United States, and other countries that the EU views as not providing adequate data protection. Specifically, we may transfer such information to another party in accordance with our lawful basis for processing.
By using our website, products or services or by interacting with us in the ways described in this Privacy Notice, you consent to the transfer, storage and processing of your personal information outside your country of residence, including out of the EEA, in the circumstances set out in this Privacy Notice. If you do not want your information to be transferred in this way you should not use our website, applications or services.
How we keep your data secure
We are committed to protecting the personal data we hold and keep your information secure by taking appropriate technical and organisational measures, including for example encryption techniques and access control, to protect personal and sensitive data against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
Where we use third-party service providers to store data, we have appropriate agreements in place to ensure that your personal data is protected. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. We also require any third parties to whom we may transfer personal data to have appropriate security measures in place. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
When becoming a client or a prospective client you may be asked to create an account, or have the facility for an account to be created on your behalf. When this happens, you may be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorised by you. You should notify us of any unauthorised use of your password or account. In the unlikely event of a breach we will notify the affected individuals in a timely manner, as required by law. If you believe your account has been compromised, please contact us at dataprotection@mantissolutions.com, or if you are in the US email privacyofficer@reachplc.com stating which Mantis products you are a client of and which state you are a resident of.
When you apply for a job with us or work at other organisations we do business with
When you apply for a Job with us
When you apply for a job with us, we will process the information you or the recruitment agency gives to us in order to consider your application and to communicate with you (or the agency) about it.
If we offer you a position and you accept it, then we will use your information to liaise with you about start dates, contracts, arranging induction and so on, and we may ask you for additional information to that end. That information will then be handled in accordance with our internal HR policies and Employee Privacy Notice.
If we don’t offer you a position or we do but you don’t accept it, then we will keep your application on file for 12 months in case of future queries or issues.
We process your data on the basis that it is necessary in order to take steps to enter into an employment contract with you. We process information relating to unsuccessful applications or job offers that are not accepted on the basis of our legitimate interest in keeping records of job applications.
If you work at other organisations that we do business with
For all of our customers and other organisations we do business with, we will have the business contact details of the people we work with at those organisations, and we will use them to manage and administer our relationship with that organisation. We do this on the basis of our legitimate interest in managing and administering those relationships.
If you work at a current or prospective advertising or publishing services client or related agencies, revenue sharing partners (for the sale of your products or services) or are users of Reach software we will also contact you from time to time using your work contact details to promote our services. We will have those contact details either because we have worked with you before, you shared them with us for this purpose, because we or our agencies have looked them up from publicly available information, or because you have attended an event we have hosted. We do this on the basis of our legitimate interest in promoting our advertising and publishing services to businesses. We will always stop contacting you for this purpose if you ask us to. Typically, the best way to do that is to respond to the person contacting you, but you can also make the request by completing the relevant form.
We keep the details of our contacts at organisations we do business with for as long as we continue to have a business relationship, and for a period thereafter for business development purposes and in case of issues or disputes.
Site visits and CCTV
When you visit a Reach site we will record your name, the date, and in some locations your company name. This information is retained for one week.
In some circumstances, non-employees may be provided with a site pass. Where this applies, the personal data obtained, including a photograph of you, will be retained for the duration of your visit or contract with Reach and for 7 years thereafter for fraud, security, and financial reporting purposes.
We use CCTV systems at our premises on the basis of our legitimate interest in protecting the safety and security of our staff and our property.
How we ensure we protect children's privacy
Our Services are directed to working professionals. Our Services are not intended for children, and we do not knowingly collect personal information from children.
Exercise your rights
You have certain rights under data protection laws which include the right to:
- Access your personal information (via what is commonly known as a "data subject access request").
- Require us to correct any mistakes in your information which we hold.
- Require the erasure of personal information concerning you in certain situations by submitting a Data Subject Request.
- Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.
- Object at any time to processing of personal information concerning you for direct marketing.
- Object to decisions being taken by automated means (including profiling) which produce legal effects concerning you or similarly significantly affect you.
- Object in certain other situations to our continued processing of your personal information.
- Otherwise restrict our processing of your personal information in certain circumstances.
You can exercise your rights by contacting our group Data Protection Officer’s team on dataprotection@mantissolutions.com. It is helpful to be as specific as possible about what you want us to do or what information you are looking for, because it enables us to respond to you more quickly.
Depending on your request, we may ask you to prove your identity to us first, in order to make sure that someone isn’t impersonating you.
How to complain
If you have a complaint or disagree with a decision we have made, we ask that you discuss it with us first by contacting the group Data Protection Officer at dataprotection@mantissolutions.com or via the address given at the top of this Privacy Notice.
You also have the right to complain to your data protection supervisory authority.
In the UK this is the Information Commissioner’s Office:
The ICO’s contact information is:
Address: Information Commissioner’s Office, Wycliffe House, Wilmslow, Cheshire, SK95AF
Website: https://ico.org.uk/
Phone Number: 0303 123 1113