Last updated: July 7, 2026
We, Moloco, Inc., provide this Supplemental EEA+ Privacy and Cookie Notice (“EEA+ Notice”) only to individuals located in the European Economic Area (EEA), United Kingdom (UK) and Switzerland (collectively, “EEA+”) who use https://www.moloco.com/ and related sites, including business client portals, interact with our emails (collectively, “Sites”), and otherwise directly communicate, interact, or share personal information with us, or who apply or are considered for jobs with Moloco, Inc. or its affiliates. This EEA+ Notice supplements our Website Privacy Notice and Candidate Privacy Notice.
References to the “GDPR” are references to the EU and UK General Data Protection Regulation, as they apply in the country where you are located and the Swiss Federal Data Protection Act (the “FDPA”) in Switzerland. If there are any inconsistencies between our Website Privacy Notice or Candidate Privacy Notice and this EEA+ Notice, this EEA+ Notice prevails.
The data controller is:
Moloco, Inc.
135 Commonwealth Dr., Menlo Park, CA 94025
Our representative in the EEA for data protection matters is:
Moloco Germany GmbH
Address: Am Zirkus 2, 10117 Berlin
E-mail Address: [email protected]
Our representative in the UK for data protection matters is:
Moloco UK Limited
Address: No.1 London Bridge, London, SE1 9BG
E-mail Address: [email protected]
If you apply or are considered for a Moloco job, other Moloco affiliates may also be a data controller of your personal data in connection with local recruitment and hiring activities, depending on the position, location, hiring entity, and local recruiting process.
You may contact our Data Protection Officer at [email protected].
The table below outlines the purposes for which we process personal data and the lawful bases of processing. The lawful bases of processing include the following:
Lawful Basis
Purpose and Processing Activities
Performance of a contract
Compliance with a legal obligations
Our legitimate interests
Your consent
You can withdraw your consent at any time by using the consent settings for our Services, where applicable, or by emailing us at [email protected].
Article 5(3) of the ePrivacy Directive (as transposed locally)
Special categories of data (health) subject to Art. 9
We may disclose personal data to our affiliated and third-party service providers, advertising partners, and other recipients described in our privacy notices, in locations including the United States, Belgium, and Taiwan.
We take measures to ensure that recipients in countries not recognized as providing an adequate level of data protection (i.e., the United States and Taiwan) provide an adequate level of data protection by entering into appropriate data transfer agreements based on Standard Contractual Clauses.
In the EEA+, you have the following rights:
To exercise these rights, you may contact us using the information in the Contact Us section below. We may need to request specific information from you to help us verify your identity, that you have the right to make such requests, and to clarify the scope of your requests..
Our Sites use different types of cookies, pixel tags (also known as web beacons), local storage, and other tracking technologies to store data on your device or collect information about your device and your interactions with our Sites (we refer to all of these technologies as “Tracking Technologies”). We operate some of these technologies (in which case they are “first-party”) and third parties operate some of these technologies (in which case they are “third-party”).
We use the following types of Tracking Technologies on our Sites and in our emails:
Description
Purpose and Data Types
First-party or third-party?
Cookie retention in local storage
OptanonConsent
Enforces consent settings across sessions; collects cookie category consent choices.
First-party - moloco.com
1 year
_fwb
Stores consent preferences for Naver tracking technologies; collects a cookie preference flag.
First-party - moloco.com
1 year
_cfuvid
Distinguishes users sharing the same IP address for rate-limiting and security enforcement; collects IP address and session identifier.
First-party - moloco.com
Session (0 Days)
_cfuvid
Distinguishes users sharing the same IP address for rate-limiting and security enforcement; collects IP address and session identifier.
Third party - Multiple HubSpot domains (hubspot.com, hsforms.com)
Session (0 Days)
OptanonAlertBoxClosed
Prevents repeat display of the cookie consent banner; collects timestamp of banner dismissal.
First-party - moloco.com
1 year
cookietest
Tests whether cookies can be set in the user's browser.
First-party – moloco.com
Session (0 Days)
cookietest
Tests whether cookies can be set in the user's browser.
Third-party - hs-analytics.net
Session (0 Days)
dd_cookie_test_
Tests whether cookies can be set in the user's browser.
Third-party - datadoghq.com
Session (0 Days)
NAC
Determines whether the user is located within the EU and therefore subject to the EU’s data privacy regulations.
Third-party - naver.com
1 year
__cf_bm
Determines whether traffic is human or bots to protect websites.
Third-party - Multiple domains:
digitialoceanspaces.com
HubSpot (hs-analytics.net, hs-scripts.com, hs-sites.com, hsappstatic.net, hubspotusercontent.com, hubspotusercontent-na1.net, hubspot.com, hsforms.net, hsforms.com, hubspot.net, hscollectedforms.net, hsadspixel.net, hubapi.com, hs-banner.com)
G2 Platform (g2.com, g2crowd.com)
Session (0 Days)
Description
Purpose and Data Types
First-party or third-party?
Cookie retention in local storage
_dd_s
Groups page views and user interactions into a unified session for diagnostics and performance monitoring using session data and page views.
First-party - moloco.com
Session (0 Days)
_ga
Distinguishes unique users and tracks sessions for site analytics; collects randomized client identifier, session data, and page views.
First-party - moloco.com
1 year
_ga_[ID]
Tracks individual session state for site analytics; collects session ID and event timestamp.
First-party - moloco.com
1 year
__hstc
Tracks visitor sessions for site analytics; collects unique visitor ID, session count, and first/last visit timestamps.
First-party - moloco.com
5 months
__hssc
Tracks session activity for site analytics; collects session identifier and page view count within session.
First-party - moloco.com
Session (0 Days)
__hssrc
Detects new browser sessions for site analytics; collects session start flag.
First-party - moloco.com
Session (0 Days)
NID
Provide automated translation capabilities using site translation usage, IP address, site domain, and device information.
Third-party - translate-pa.googleapis.com
Session (0 Days)
GFE_RTT
Measures network latency and round-trip times (in milliseconds) to optimize the loading speed of embedded Google content.
Third-party - google.com
Session (0 Days)
Description
Purpose and Data Types
First-party or third-party?
Cookie retention in local storage
_GRECAPTCHA
Performs risk analysis to identify automated bots and safeguard website submission forms from malicious spam attacks; collects user behavior, hardware setups, and mouse movements to compute a risk profile.
Third-party - google.com
5 Months
hubspotutk
Authentication and tracking of user identity.
First-party - moloco.com
5 Months
Description
Purpose and Data Types
First-party or third-party?
Cookie retention in local storage
_fbp
Used by Facebook to deliver advertisement products such as real time bidding from third party advertisers.
First-party - moloco.com
2 Months
_gcl_au
Used by Google AdSense for experimenting with advertisement efficiency across websites using their services
First-party - moloco.com
2 Months
bcookie
Primary browser tracking identifier used by LinkedIn to track engagement with embedded social plugins, attribute ad conversions, and detect platform abuse.
Third-party - Linkedin.com
1 Year
lidc
Optimize server routing, handle load balancing across global data centers, and ensure stable performance for embedded social components
Third-party - Linkedin.com
Session (0 Days)
li_gc
Collects and track consent status flags and preference to store and honor the visitor's cookie consent preferences
Third-party - Linkedin.com
5 Months
CMPS
Ad network cookie used to match browsers to local distribution routing servers for fast online advertising.
Third-party - Casale Media
2 Months
CMID
Optimizes advertising; collects advertising interactions, browser data, and browser behaviors
Third-party - Casale Media
1 Year
CMPRO
Cookie syncing for real-time bidding advertising service
Third-party - Casale Media
2 Months
VISITOR_PRIVACY_METADATA
Detect and respect advertising choices for embedded YouTube content; collects IP address, device characteristics, and YouTube advertising consent status.
Third-party - Youtube.com
5 Months
__Secure-YEC
Helps detect and prevent fraudulent interactions with ads, identifies bot traffic, and tracks user interactions to resolve service issues.
Third-party - Youtube.com
Session (0 Days)
__Secure-YNID
Store a user's video player preferences for embedded video; collects system diagnostics, streaming logs and video player configurations.
Third-party - Youtube.com
5 Months
__Secure-ROLLOUT_TOKEN
Manage digital feature experimentations; collects experiment tokens, layouts, and video player interactions.
Third-party - Youtube.com
5 Months
VISITOR_INFO1_LIVE
Legacy bandwidth and connection tracker used to track and calculate network speeds.
Third-party - Youtube.com
5 Months
YSC
Logs video playbacks to update video counts
Third-party - Youtube.com
Session (0 Days)
tvid
Track user video ad views across partner websites
Third-party - tremorhub.com
1 Year
tv_UIDM
Syncs user identifiers between the Tremor Video platform and third-party advertising exchanges
Third-party - tremorhub.com
1 Year
tuuid
Identifies browsers and uses device information and user behavior to support B2B advertising.
Third-party - company-target.com
1 Year
tuuid_lu
Tracks the last updated timestamp of the tuuid cookie.
Third-party - company-target.com
1 Year
IDE
Uses ad views and site interactions to deliver personalized, targeted advertisements across the web and measure campaign conversion
Third-party - doubleclick.net
1 Year
NID
Remembers preferences (like language or SafeSearch) for signed-out users.
Third-party - google.com
6 Months
test_cookie
To determine whether the website visitor's browser supports cookies.
Third-party - doubleclick.net
Session (0 Days)
You may control the use of Tracking Technologies on our Sites by clicking “Your Privacy Choices” in the footer of our website and following the prompts. In addition, you may restrict the placement of cookies or remove them using your browser-level or device-level controls.
The online advertising industry provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.
From time to time, we may revise this EEA+ Notice. When we do so, we will publish the revised EEA+ Notice on our website and update the “last updated” date above, in addition to taking any other steps required by law.
If you have any questions about our privacy practices, personal data processing activities, or would like to exercise your rights under privacy laws, you may contact our Data Protection Officer at:
Attn: Privacy Group
Moloco, Inc.
135 Commonwealth Dr.
Menlo Park, CA 94025
[email protected].