1. Overview of our Services

We provide online advertising services to our clients in the programmatic advertising environment. Our solution is used by advertisers to display ads of their products or services on publishers’ websites, mobile applications, connected TVs or digital out of home devices. Some of our ads are personalized, i.e., based on the information on your previous online activity. We display to you the ads of those advertisers whose websites or apps you had visited in the past (a service known as retargeting) or ads that we believe otherwise match your current shopping interests. In order to serve personalized ads, we process certain information related to your online activity that helps us understand what your current shopping interests might be and allows us to display an ad and analyze how it performs. While doing so, we aim at ensuring the highest level of privacy protection and transparency. We strictly comply with all applicable privacy laws, in particular the EU General Data Protection Regulation (GDPR), Directive on Privacy and Electronic Communications (E-Privacy Directive), as well as established best practices on the digital advertising market.

2. How we collect your Data

In order to collect your data, we use cookies, which are text files inserted in your web browser when you visit advertisers’ or publishers’ websites or apps, as well as other tracking technologies available on your device, such as mobile advertising ID. They allow us to register certain activities you perform on those websites or apps. We operate under the adingenious.com domain while providing our services.

3. Data we Process

We process the following three main groups of data:

a) Information related to your viewing activity on advertisers’ websites or apps — it helps us understand what sorts of products and services you are interested in and, consequently, determine which ads should be displayed to you to match your current shopping interests. We process this data on behalf of the advertisers for whom we conduct advertising campaigns (as a data processor), specifically for the purpose of creating your user profile.

b) Information that you are currently entering a publisher’s website or app, where we may display an ad to you — it comes within a so called bid request, which is an offer to buy an advertising space on the publisher’s website or app in order to display an ad (for details, see Section 4 below). We process this information as a data controller for the purposes of displaying ads, ad measurement, brand safety, product development, and fraud detection.

c) Information regarding the delivery of our ads, i.e., impressions of an ad (e.g., whether we displayed an ad to you and, if so, which ad we selected) and your interactions with an ad (e.g., whether you clicked on it). We process this information as a data controller for the purposes of displaying ads (in particular for frequency capping and ad rotation), ad measurement, and product development.

You may find a full list of categories of data we process as a data controller in our GDPR privacy notice (see Section 5 below).

While providing our services, we do not collect personally identifiable information (PII), such as names, e-mail addresses, postal addresses, telephone numbers, or financial data, such as credit card details.

We do not receive any additional data from advertisers or partners, which, along with the data collected by our technology, would enable us to directly identify you.

4. How we use your Data

While you are visiting an advertiser’s website or app, we collect information related to your activity there, such as which items you viewed, put in the basket, and bought. Those browsing patterns on the advertiser’s website or app help us understand what sorts of products and services you are interested in and thus display to you, on publishers’ digital properties (e.g., news portals, apps), only ads compatible with these interests.

We display our personalized ads with the use of a programmatic instantaneous auction system known as real-time bidding (RTB). Real-time bidding procedure happens at the moment you enter a publisher’s website or app that offers an advertising space for sale. While such website is loading, a bid request is sent to us by the publisher or our business partner cooperating with the publisher (e.g., supply-side platform, SSP) inviting us to buy a certain ad space. After receiving such bid request, our technology uses information about your previous browsing activity on advertisers’ websites or apps to decide whether to buy the auctioned ad space and, if so, which ad to display.

For instance, if you had recently visited our client’s website looking for jeans, we may display to you an ad of those same jeans you had viewed there and similar jeans or complementary products, such as T-shirts offered by that client.

We may also use information on the content of the website where the ad is to be displayed for the additional personalization of this particular ad. However, we never use such website content to personalize future ads, in particular we do not assign this information to your user profile in order to categorize you (e.g., by assigning you to a particular population segment) or try to determine your shopping interests on the basis of your browsing history on publishers’ websites or apps.

Moreover, we do not use your browsing data across advertisers, which means that a browsing activity from one advertiser’s website or app does not affect other advertisers’ ads we display. For instance, the fact that you looked for running equipment in an app of our client “A” will not result in us displaying you running equipment from an app of our client “B” (unless you had previously browsed similar products on “B” app as well).

After we display an ad to you, we collect information regarding ad impressions (e.g., that we indeed displayed an ad to you, which ad was selected, and when and on what type of device it was displayed) and your interactions with the ad (mainly whether you clicked on it or not). We use this information for the analysis of how our ads perform, for the creation of statistical reports for advertisers regarding the delivery of their ads, and subsequently for attribution and billing purposes. We also process this data for the control of the frequency of ads we display to you (frequency capping) and for product development purposes.

Our platform is integrated with the RTB environment through matching of our technical identifiers, e.g., cookie IDs or mobile advertising IDs (“cookie matching”) with those used by our business partners. It enables us to (a) receive a bid request and eventually serve an ad on a publisher’s website or app that uses our business partners’ digital advertising technology and (b) collect information related to our ad serving activities.

Upon an advertiser’s specific request and on the basis of the information provided by such advertiser, we may perform cross-device tracking that consists of displaying the same categories of ads of this particular advertiser’s products or services on different devices you use (e.g. laptops and smartphones). We do not, however, perform specific data analyses in order to link the devices you use on the basis of the patterns of your online behavior (i.e., we do not conduct probabilistic cross-device tracking).

We also use your personal data for the detection of frauds and other potential dangers to privacy security, for the calculation of the usage levels of our technology, and for brand safety purposes, i.e., to analyze whether publishers’ websites are a suitable environment for our ads to be displayed and to develop and improve our products.

Advertisers and publishers whose websites or apps you visit may independently collect and use your data for different purposes. Please consult their privacy policies for more information in this regard.

5. Personal Data Processing (GDPR)

Although, as described above, we do not collect personally identifiable information (PII), the data we do process is tied to unique online identification numbers that, under the GDPR, are considered “online identifiers” that allow us to “single out” a specific user from other users. According to the GDPR, such information may be considered personal data (this type of non-personally identifiable data is referred to as “pseudonymous data”). Consequently, in cases where the GDPR applies to our services, we assure compliance with all the requirements established by this regulation.

We have also appointed a data protection officer, whom you may contact if you have further questions. Please see Section 9 below for the Data Protection Officer contact details.

As a part of the GDPR compliance program, we have joined the IAB Europe Transparency & Consent Framework (TCF) as a registered vendor (ID No.: 196) and comply with the TCF policies. For more information, please visit https://iabeurope.eu/.

As mentioned above, some of data we use for providing services, we process as a data controller, which means we are solely responsible for it, and some – as a data processor i.e. on behalf of advertisers. You may access a set of information required by the GDPR pertaining to our data processing activities as a data controller in our GDPR Privacy Notice.

Purpose of the processing
We will process your personal data, which includes storing and accessing certain information on your device (such as cookies or device identifiers) in order to carry out the following:
i) select and deliver personalized ads,
ii) measure ad performance,
iii) develop and improve our products, and
iv) ensure security and prevent fraud and debug.

Categories of personal data
For the above purposes, we will process the following categories of your personal data:
unique online identifiers (including cookie IDs and mobile advertising IDs);
i) URLs of the web pages you visited (“referrer”);
ii) data related to ad impressions and your interactions with our ads on publishers’ websites or apps;
iii) technical browser and device information (“user agent”);
iv) timestamps, IP addresses indicating your general (non-specific) location.

Legal basis for the processing
The legal basis for the processing of your personal data for the purposes of (1) selecting and delivering personalized ads, (2) measuring ad performance, and (3) developing and improving our products is the consent you give on publishers’ websites or apps. You are entitled to withdraw the consent to the processing of your personal data by us at any moment. You may do so by clicking an opt-out button on our opt-out page or by contacting us directly at: operations@adingenious.com.

With respect to ensuring security, preventing fraud, and debugging, the legal basis for the processing of your personal data is the legitimate interest of the controller, pursuant to Article 6 Section 1 (f) of the GDPR.

Sources of the personal data
We obtain your data either from publishers, on whose digital properties we display our advertisements, or from supply-side platforms (SSPs), cooperating with publishers for the purposes of delivering personalized advertisements.

We collect some of the information, such as data related to ad impressions and your interactions with ads, ourselves from publishers’ websites or apps.

Recipients of the personal data
We may transfer your data to our processors (e.g., IT service providers and data centers) where such entities process data on the basis of a contract with us and only in accordance with our instructions.

We may also transfer very limited amounts of data to our business partners (e.g., SSPs) in a response to a bid request in order to be technically able to display an ad.

Data subject’s rights
You have the following rights with respect to your personal data:
i) the right to withdraw your consent to the processing at any time, e.g., by means of an opt-out procedure without affecting the lawfulness of processing based on consent before its withdrawal;
ii) the right to object to the processing of the personal data for direct marketing purposes or, on grounds relating to your particular situation, whenever the legal basis for processing is controllers’ legitimate interest;
iii) the right to access to the personal data; the right to obtain from the controller restriction of processing as referred to in Article 18 of GDPR;
iv) the right to request that your personal data be corrected if it is found to be inaccurate or out of date; the right to request your personal data be erased where it is no longer necessary for us to retain such data;
v) the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing; and
vi) the right to request that we provide you with your personal data and where possible to transmit that data directly to another data controller. You are entitled to request a copy of your personal data processed by us.

Profiling
Within the scope of processing that we undertake as a data controller, we conduct activities that may be deemed “profiling” of your personal data only to a very limited extent (i.e., analysis of data regarding ad impressions and your interactions with our ads for ad measurement purposes).
We do, however, conduct profiling with respect to the data related to your browsing activity on advertisers’ websites or apps (i.e., data we process on behalf of advertisers, as a data processor). We analyze it in order to display to you an ad that we believe you will be most interested in, as described in Section 4 above.
In any case, the profiling does not produce any legal effects toward users or similarly significantly affects them. In particular, it does not result in price discrimination among the users based on their behavioral profile.

Retention periods
We immediately delete all data received in bid requests, except for a minor fraction needed for statistical and analytical purposes (including brand safety and fraud detection), which is stored for no more than 94 days.
The data regarding ad impressions and your interactions with the ad is kept as long as it is needed for statistical, settlement, and product development purposes, however in any case no longer than 2 years from its collection.
After the lapse of periods specified above, the data is truncated or effectively anonymized.
In any case, we promptly respond to data subject requests related to the execution of the right to be forgotten by deleting all personal data covered by a given request.

Transfers to third country and safeguards
We shall not transfer or permit any of your personal data to be transferred to a territory outside of the European Economic Area unless we have taken such measures that are necessary to ensure that the transfer is in compliance with applicable laws. Such measures may include (without limitation) transferring personal data to a recipient in a country that the European Commission has decided provides adequate protection for personal data as referred to in Article 45 of the GDPR or to a recipient in the United States that has certified compliance with the EU–US Privacy Shield framework.
If you wish to find the list of the countries that the European Commission recognized as providing adequate protection, then click here.
We use Amazon Web Services in order to conduct data analysis necessary to provide and optimize our services, which entails the transfer of data to data centers managed by Amazon and located in the United States. Amazon, Inc. and its wholly-owned U.S. subsidiaries participate in EU–U.S. Privacy Shield Framework (see: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active).

Further Processing
If we need to use your personal data for a purpose not covered by this notice, then we will provide you with a new notice explaining such new use, prior to commencing the processing, and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing operation.


6. CCPA Privacy Policy

In these California Consumer Privacy Act Disclosures (“CCPA Disclosures”), we, AdIngenious (“AdIngenious”, “we”) disclosure information about our data processing practices as required by the California Consumer Privacy Act of 2018 (“CCPA). These CCPA Disclosures are effective January 1, 2020. You can download a PDF version here.

I. Who and what information is subject to these CCPA Disclosures? California residents are protected as “consumers” by the California Consumer Privacy Act of 2018 (“CCPA”) with respect to personal information.

II. How can a consumer with a disability access these CCPA Disclosures? Consumers who have a visual disability may be able to use a screen reader or other text-to-speech or text-to-Braille tool to review the contents of this notice.

III. CCPA Privacy Policy We are providing the disclosures about consumer rights and our personal information handling practices in the preceding twelve months, as required by the CCPA and regulations of the California Attorney General, including §999.308. You may access a set of information required by the CCPA pertaining to our data processing activities as a business under the CCPA in our CCPA Privacy Policy (click here to expend).

7. Data Security Measures

We have implemented organizational and technical measures to assure an appropriate level of security of your data. We have deployed procedures regarding every aspect of data processing, and we carefully select technologies used for such processing and any data recipients.

Your data is protected against human interactions, equipment malfunctions, internal or external attacks, losses, or misuses. We store it in top-tier multi-tenant data centers operated by market-leading companies with appropriate data security certifications (in particular ISO 27001). In order to ensure the ongoing confidentiality and availability of your data, we use encryption and a back-up mechanism.

We constantly monitor the implemented security measures and develop the awareness and knowledge about privacy and personal data protection at our company on an ongoing basis.

8. Exercising your Privacy Rights

If, after having been acquainted with the extent of data collected about your online activity, you have any concerns about your privacy, then you may disallow the collection of data by means of tracking technologies used by us specifically or by all providers in the following ways.

You may disable cookies in your web browser and mobile devices, which will prevent the collection of data by all providers.

For web browsers, please refer to your browser’s settings, as the procedure may depend on the browser you use. Please note that, due to the common use of cookies, turning them off may prevent you from using a variety of websites.

For mobile devices, please use device settings.
For iOS, select “Privacy” → “Advertising” → “Limit Ad Tracking”.
For Android, select “Users Area” → “Google” → “Ads” → “Opt out of Ads Personalization”.

The GDPR grants you additional rights, such as the right of access, rectification, erasure, or portability of your personal data and the right to object to or restrict the processing and to lodge a complaint with a supervisory authority. Furthermore, where we have collected and processed your personal data subject to your consent, you can withdraw it at any time. Such withdrawal does not affect the lawfulness of the processing we have conducted prior to your withdrawal. To learn more, see our GDPR notice , or contact our Data Protection Officer.

9. Privacy Policy Changes

In order to develop the privacy protection, we may deem it fit or necessary to update this Privacy Policy at any time. Please follow our website where we will inform you about any material changes to our Privacy Policy.