Geolad Privacy Policy (original) (raw)

geolad GmbH (“we” or “our”) is a data processing company offering state of the art, privacy-led data analytics and advertising solutions (“Service/Services”) for different industries. We strive for our Services to respect the privacy of users. To achieve these aims, geolad fulfils its privacy and data protection principles when creating, developing, and delivering its Services. geolad does not process data that directly identifies an individual, such as an encrypted name, address, or government issued IDs.

1. Definitions

1.1. Definitions related to Involved Parties

Different parties are involved in geolad’s Services. They are denoted throughout this document as follows:
geolad’s Customers are all those entities that use our data for targeting and statistical reporting:
Advertisers: include companies as brands, agencies, and other entities that deliver targeted display ads to end users
Publishers: include owners of web domains who geolad provides with aggregated statistics about their visitor traffic
Technical Systems:

Demand Side Platforms: are systems used for campaign management that enable advertisers to buy ad placements in real-time
Ad Servers: systems that store and deliver digital advertisement to end users
Data Management Platforms: are systems used for collecting, analysing, and forwarding datasets from different sources
Data Owners:
Publishers: owners of web domains, that enable geolad to collect Application Specific Data
Mobile Network Operators: corporate entities that provide a wide range wireless communications services, and enable geolad to collect Data Profiles

1.2. Definitions related to Data Collection:

Application Specific Data: Geolad collects Application Specific Data through integrations with its partner Publishers. The collected Application Specific Data are as follows:

Cookie IDs:

• Cookie IDs are randomly generated unique identifiers pertaining to HTTP cookies. The IDs do not allow the identification of real user identities. Every web domain needs to generate its own Cookie Identifier in a certain browser
• HTTP cookies are data pieces downloaded from a website and stored in the user’s web browser used for accessing the website content
• Types of cookies include (but not limited to): (1) Permanent Cookies: will remain operational, even if you close your browser, (2) Session Cookies: cookies that are only valid during your current visit of a certain website. Cookies can be deleted from the user’s browser any point of time in the settings of the browser (to read more about opting out from geolad’s cookies, please refer to Section 4.2. “How to Opt-out from our Services?”

Advertising IDs:

• Anonymous, user-specific, unique and resettable identifiers of a mobile device used for advertising purposes
• Types of Advertising IDs include: (1) AAID (Google Advertising ID for Android devices): advertising ID available on Android devices, (2) IDFA (Identifier for Advertising on iOS devices): advertising ID available on iOS devices
• Advertising IDs can be reset or they can be deactivated within your device at any point in time (to read more about resetting or deactivating your Advertising IDs, please refer to Section 4.2.2 “How to Opt-out from our Services?”

IP-address:

• When your device sends a request to the geolad server, geolad is able to access the IP-address allocated to your device by your internet service provider
• Different devices may share the same IP-address
• Geolad does not process individual IP-addresses, but extracts aggregated information from it (e.g. name or region of your internet service provider)

Browsing Data:

• When you visit a website of our partner Publishers, your browser may send information related to the request, including e.g. HTTP referrer URL or user agent. We may use such information to collect aggregated targeting profiles, e.g. interest categories, device type categories etc.
• You can deactivate the sending of referrer URL or user agent information within the settings of your internet browser, apart from the standard opt-out functionality offered by geolad (see also Section 4.2. “How to Opt-out from our Services?”)

Data Profiles: Geolad collects Data Profiles through integrations with partner Data Owners (e.g. Mobile Network Operators). The collected Data Profiles include:

• Demographic Data: Geolad may obtain from its Demographic Data from Data Owners, which may include the following:
• Location information: e.g. zip-codes of the billing location
• User demographics: e.g. gender, age-groups
• Average monthly spending categories

Aggregated Categories: Geolad may create segments that include a large number of Data Profiles and Application Specific Data (e.g. generate a target group of profiles according to the following parameters: Female, Age: 20 to 30, living in Graz.) Aggregated Categories are made available for geolad Customers via DSPs and Ad Servers

2. Data Processing

Geolad and its sub-processors process the Data Profiles and Application Specific Data received from its partner Data Owners.

Geolad’s partner Data Owners may collect geolad specific data (online/offline) from its clients. Geolad ensures that its Data Owners are in line with GDPR and supports them with all the required information in order to comply with GDPR. As a member of International Advertising Board (https://www.iab.com), Geolad commits to the highest industry standards as the [IAB Code of Conduct] (https://www.iab.com/iab-member-code-of-conduct/). Geolad may make use of pixels and javascript code contained in the websites of its partner Publishers to process Application Specific Data.

Geolad creates anonymous data segments (Aggregated Categories) based on Application Specific Data and/or Data Profiles that are aggregated into segment lists or Advertising ID/Cookie ID lists. Geolad subsequently shares these lists with its Partners for targeted advertising and/or analytics purposes.

3. Legal Basis for Data Processing

According to the European General Data Protection Regulation (GDPR), geolad is obliged to provide information concerning which legal basis geolad uses for the processing of data, how geolad makes use of personal information (also with regard to disclosure) to ensure that it safeguards your privacy and personal data, as well as how geolad may be contacted if you have any privacy concerns.

This General Terms and Conditions apply to all Application Specific Data and Data Profiles, provided that it contains personal information as specified in applicable European laws and regulations.

Geolad and its partner Data Owners process data on the legal basis of the “legitimate interests” art. 6(1)(f) GDPR for providing targeted advertising based on customized audience segments.

Geolad conducts regular data protection impact assessments (DPIA) to weigh out any possible impact on users, their rights and freedoms, before any data is processed.

It should be noted that geolad’s partner Data Owners or other third-parties providing Data Profiles or Application Specific Data to geolad may wish to make use of other legal bases such as “consent” to process personal data and provide it to geolad, subject to their own privacy policies.

In all cases, the processing of user data always remains under full user control, as set out in this Privacy Policy and as required by GDPR regulations.

Geolad does not knowingly utilize, collect or share with third-parties any data concerning users under the age of eighteen. Should we discover otherwise, Geolad will take reasonable measures to guarantee that it fulfils this promise.

4. Protection of Personal Data

Geolad implements technical and organizational measures to secure any received personal data. Geolad has designed its solution to ensure that throughout the entire use cycle, user data is protected and secured from loss, being stolen and unauthorised access.
Geolad has put in place the following procedures to deal with any suspected personal data breaches:

4.1. Information Security Policy of Geolad

Geolad provides personally targeted advertising by generating browser cookies for visitors of the geolad Service and its partner Publishers. The cookie consists of a browser-specific identifier (Cookie ID) that may be assigned to different Data Profiles and Application Specific Data received by geolad. Since the identifiers are assigned only into Aggregated Categories, geolad cannot identify individual devices based on these identifiers or the associated Aggregated Categories.

4.2. How to Opt-out from our Services?

While you cannot stop getting ads online when you visit a specific page or use a certain mobile app, you can opt-out from any data processing specific to geolad Services. That is, after opting out from our Services, you will not receive less ads, but these ads will not be targeted on any geolad Services anymore.

4.2.1. Opt-out from Cookie-based Processing

You can opt-out from being included in our cookie-based Services when visiting partner websites by clicking the following link.

Please mind the following important notes regarding opting out from our cookie-based Services:

• By clicking on the above link an opt-out cookie is stored in your browser. Whenever you visit one of our Services, the cookie is presented to our servers and you are automatically excluded from any further processing by our servers.
• If you use more than one browser for visiting websites, you need to visit the above opt-out link with every browser you typically use.
• In case you delete all your browser cookies, also the opt-out cookie gets deleted and you need to opt-out again by clicking the above link.
• We do honour the Do-Not-Track header sent by internet browsers. Thus, by activating the Do-Not-Track header in your browser you may opt-out from our Services without the need for clicking the opt-out link above.
• After opting out from our Service, you still may receive ads that are targeted based on non-personal information, such as e.g. type of currently visited website or mobile app.

4.2.2. Opt-out from Processing Advertising IDs

In case you use any mobile apps, advertising Services typically do not rely on cookie-based processing, but on accessing the Advertising ID of your device. This ID can be reset by you at any time, and its usage for interest-based apps can be disallowed in the settings of your device. Depending on the type of device, the steps for opting out from interest-based ads and from processing your device’s Advertising ID are as follows.

On Android Devices:
1. Go to Menu and tap “settings”
2. Go to sub-menu “Google”
3. Got to sub-menu “Ads”
4. Now you can (a) reset your Advertising ID by tapping on “Reset advertising ID”. This will invalidate all data segments that have been established by our servers based on your previous Advertising ID, (b) alternatively, you can opt-out from personal ads by turning on the switch “Opt-out of interest-based ads”.

More information on opting out from interest-based ads in Google products and Services is available under https://support.google.com/ads/answer/2662922.

On iOS Devices:
To opt out from interest-based ads on iPhones and/or iPads perform following actions:
1. Go to Settings
2. Got to sub-menu “Privacy”
3. Got to sub-menu “Advertising”
4. Opt-out from interest-based ads by turning on the switch “Limit Ad Tracking”

More information on opting out from interest-based ads in Apple products and services is available under https://support.apple.com/en-us/HT202074 and https://support.apple.com/en-us/HT205223.

4.3. Secure Data Processing according to EU Data Protection Law

Data is processed by geolad and its partners only in member states of the European Union; there is no data transfer to a third country.

Servers involved in data processing are protected by physical access security, as well by state-of-the-art IT security measures: servers are secured by firewalls and can only be accessed by authorized staff members based on password- and cryptographic access key-protection. The software deployed for data processing is regularly tested and updated in order to avoid vulnerabilities induced by software itself.

The staff members performing data processing are trained in required Data Protection Principles and obligated to keep confidentiality. Data is minimized by processing only the data that is required for the purpose of processing.

4.4. Encryption and Anonymization

Traffic from/to geolad’s servers is encrypted based on state-of-the-art encryption methods (i.e. TLS-encryption). IP-addresses are anonymized by discarding the last octet of the IP-address, preventing any identification of individual visitors. Server logs created for maintenance and debugging purposes are encrypted.

4.5. Security Measures

External security threads are detected by continuously operated monitors and blocked automatically by dynamically generated firewall rules. Geolad deploys periodic security audits for detecting and fixing any vulnerabilities that may evolve over time.

4.6. Additional Information

Geolad’s Services rely on a subcontractor DMP for segmenting Data Profiles and Application Specific Data into Aggregated Data Categories.

For additional details on privacy and access protection measures deployed by our subcontractor DMP please refer also to the information available under https://www.theadex.com/privacy-opt-out/.

5. Personal Data Rights of Users

Users have the following rights with concerning their personal data:

• to request a confirmation whether geolad processes any of their data
• to access their data
• to opt-out/to object
• to data portability, if applicable
• to rectify inaccurate data concerning them
• to erasure of personal data

Should you have any questions or requests regarding your personal data rights, please contact us via [email protected].

6. Sharing Aggregated Data Categories with Third-parties

Geolad shares Aggregated Categories with the following geolad Customers, Technical Systems:

• Advertisers
• Publishers
• Ad Servers
• Demand Side Platforms (DSPs)
  Geolad Customers only see lists of segments (Aggregated Categories) that serve as targeting criteria. They do not obtain access to view Advertising IDs or Cookie IDs. Demand Side Platforms (DSPs) and Ad Servers only get access to segment names and relevant Advertising IDs or Cookie IDs.

Geolad requires its partner Publishers to mention the presence of geolad specific pixels or javascript codes in their respective privacy policies.

Geolad relies on the following sub-processors for data processing as defined in this Privacy Policy:

IPAX OG, Barawitzkagasse 10/2/2/11, 1190 Vienna, Austria

The ADEX GmbH, Torstraße 19, 10119 Berlin, Germany

Additionally, geolad may process Application Specific Data in a data center located in Frankfurt, Germany operated by Digital Ocean LLC, 101 6th Ave, NY, New York, USA

7. Data Maintenance Period

Any data involved in geolad’s Services is maintained only as long as required for fulfilling the purpose of the processing, and is deleted afterwards. Additionally, users may initiate early deletion of their data from our subcontractor DMP by opting out from our Services.

8. Final remarks

Since geolad regularly updates its Privacy Policy, it is recommended to review it periodically to be up-to-date regarding the changes made. The most recent version of the Privacy Policy was made available on November 29th, 2018.

For any questions or remarks concerning this Privacy Policy, please contact us at: [email protected]