II. How personal data is used for the Adloox SOLUTION

The Adloox Solution serves both advertisers and online media sellers and buyers by providing independent, third-party verification measurement. 

Adloox’s clients are companies that run online advertising campaigns and are using the Adloox Solution in order to increase protection from ad fraud, non-viewable impressions and non-brand safe content, or to measure the quality of their advertising (for example to better understand how their campaigns have been interacted with or where a certain campaign has featured on a website) ("Clients").

By analyzing information about ad impression delivery and website traffic on behalf of our Clients, Adloox verifies whether the media where an ad was placed has met or failed Client expectations based on certain characteristics. Such characteristics include the brand safety of a webpage, the viewability of the ad placement, the existence of ad fraud, as well as additional contextual variables. 

Measurement is available across both browser and app environments for mobile and desktop devices. Adloox collects this data to increase trust and transparency for its Clients. The data collected can be used by Clients to proactively prevent advertising on undesirable and/or low-quality media, monitor overall quality performance, and make future media planning decisions. Adloox does not combine the collected data with any other data that would enable Adloox to personally identify individuals.

The Adloox Solution provides Adloox clients with reports containing only statistical information relating to such client’s advertising campaign performance. Such statistical information is aggregated, hashed and anonymised following a robust process preventing any and all identification of individuals before being provided to Adloox clients. Adloox therefore only processes personal data in connection with the Adloox Solution (see further below) for the short period of time required to apply such aggregation, hashing and anonymisation techniques.  

Data Collected. In order to provide the Adloox Solution to our Clients, we use JavaScript and other similar technologies that place a small piece of HTML code on a webpage or app to collect information.

The following categories of data (which may contain personal data) are collected when these technologies are deployed via the Adloox Solution:

• Browser and computer environmental information. This information is necessary to determine the viewability of an advertisement, which includes information such as the ad’s location in the browser viewport, size of the browser viewport, ad size, size of the display, application in focus, the browser tab in focus, and other data.

• Standard HTTP header information. This includes IP address, referring URL, user agent data (data transmitted by your browser about itself when submitting an HTTP request) and other data including browser configuration parameters, including browser type and language and session storage and local storage settings, and characteristics of your device such as the CPU class and time zone setting.

• Information contained within an advertisement. This is known as an “ad tag,” that includes information used to identify the advertiser displaying the ad and the media property that sold the impression.

• Mobile application and mobile device data. Examples include users’ App Identifier).

For the purpose of identifying and preventing online ad impression fraud and invalid traffic and determining if advertisers and publishers are in compliance with their agreements, our Adloox Solutions utilize the following additional technologies (in addition to the data described above):

• Device identification technology, which analyzes device parameters collected as described above, including IP address and browser header information, to probabilistically identify a particular device.

• Clickstream data including URLs and other data regarding the websites on which a particular browser has viewed advertising impressions we are analyzing.

• Clickstream data including mobile application identifier and other data regarding the mobile apps on which a particular user has viewed advertising impressions.

• Webpage (HTML and JavaScript) structure analysis.

Purpose of Collection and Use. 

We use the data we collect to deliver our Adloox Solution for our Client’s lawful purposes, which may include:

• Examining impression data of advertising opportunities, using Adloox technology and client profile decisions, to determine if clients’ advertisements should or should not be displayed.

• Detailing contextual information about advertisements displayed in order to ensure its compliance with terms of our client or partner’s contracts, insertion orders that detail client campaigns, and/or profile decisions that clients make in our systems.

• Reporting viewability metrics of advertisements that indicate: qualified « Viewed Impressions » according to industry standards and/or clients’ criteria, time in which advertisements are displayed on consumers’ browsers, and properties of creative elements that are displayed on consumers’ browsers.

• Website and mobile apps visitation characteristics such as visitor quality, fraud identification, invalid traffic detection, and other quality characteristics necessary to determine agreement compliance.

• Our Adloox Solutions includes the detection and elimination of general invalid and sophisticated invalid traffic, including ad impression fraud, which we define in this policy as the management of ad serving, ad display, or traffic activity such that ad impression measurements are shown inappropriately because the ads cannot be viewed by a user, are not served within operationally viewable parameters or were displayed as a result of fraudulent machine-generated traffic. Our fraud and invalid traffic services are intended to address fraud for advertising measurement purposes.

Additionally, Adloox can use advertising impression information, mobile app information, and website traffic information including IP address and browser header information to:

• Identify traffic sources by their geographic location and determine if the location is correct and located within the advertiser’s campaign parameters or traffic settings

• Determine if traffic is being acquired is fraudulent, or if traffic acquisition practices that are out of compliance with an advertiser’s guidelines or contractual requirements.

• Determine if a middleware is attempting to misrepresent its operating characteristics to prevent the identification of fraud or other invalid traffic.

• Determine if traffic or ad impressions are originating from a server farm unlikely to be responsible for human-generated browsing activity.

Data Retention

Our clients’ main use of the Adloox Solution is to obtain statistical information relating to the broadcasting of such clients’ advertising campaigns. As such, we aggregate, hash and anonymise any personal data following a robust process preventing any and all identification of web users before storing such data in our servers, and the reporting data sent to clients does not contain any personal data.  

We retain our clients reporting data for up to 13 months subject to our client's instructions.

III. CONSUMER CONTROL AND Mobile device tracking opt-out.

Individual users that opt-out of mobile device tracking limit the personal data that is collected about them and/or how it is used. Individual users may opt-out of interest-based and demographic-based advertising using their mobile device settings. Individual users will need to follow the below instructions for Android and iOS applications.

Opt-out process for Android-based mobile devices:

• Open the Google Settings app on individual users’ device

• Select Ads

• Set the “Opt-out of interest-based ads” slider to individual users’ desired position

Optionally, Individual users may reset the advertising identifier associated with their device

Opt-out process for iOS-based mobile devices:

• Open Settings

• Select Privacy

• Select Advertising

• Set the “Limit Ad Tracking” slider to Individual users’ desired position

Optionally, Individual users may reset the advertising identifier associated with their device

Please note that opting out through a website will not limit the collection of personal data on mobile devices, and opting out on Individual users’ mobile device will not limit the collection of personal data through Individual users’ computer’s browser. Opting out limits the collection of data but does not eliminate it completely. Some personal data will still be collected about Individual users’ use of websites or mobile applications after Individual users limit tracking on that platform.

Transfer to Third Parties. Like many businesses, we hire other companies to perform certain business-related services. We may disclose the personal data we process in connection with the Website or our other business purposes to certain types of third party companies but only to the extent needed to enable them to provide such services. The types of companies that may receive personal data and their functions are: provision of ‘customer relationship management’ software; IT hosting services; data storage services. All such third parties perform services at our instructions pursuant to contracts which require they provide at least the same level of privacy protection as is required by this Privacy Policy. 

We may also disclose personal data to our affiliates in order to support marketing, sale and delivery of Adloox Solutions. 

Business Transfers. In the event of a merger, dissolution, reorganization or similar corporate event, or the sale of all or substantially all of our assets, we expect that the personal data that we have collected, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this privacy policy. This policy shall be binding upon Adloox and its legal successors in interest.

Disclosure to Public Authorities. We are required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

V. TRANSFER OF PERSONAL DATA OUTSIDE OF THE EUROPEAN UNION.

Our servers are located in the EU. We do not transfer or store personal data outside of the EU.

Whilst transfers from the UK to the EU are not restricted under applicable data protection laws, we will nevertheless have appropriate safeguards in place to protect your personal data throughout such transfers. If you would like to find out more about the safeguards we use for these purposes, please let us know by writing to privacy@adloox.com. 

VI. YOUR RIGHTS

You have a number of rights in relation to the way we process personal data about you.  Where an individual makes a request in accordance with provisions of the GDPR, we aim to comply without undue delay, and within one month at the latest.  Those data subject rights include the right to make the following requests:

• to ask for confirmation and information about the personal data that we process about you, including a copy of data we are processing about you;

• to have inaccuracies corrected or incomplete personal data made complete;

• to ask us to restrict, stop processing, or to delete your personal data; 

• to request a machine readable copy of your personal data, which you can use with another service provider. Where it is technically feasible, you can ask us to send this information directly to another provider if you prefer; and 

• to not be subject to automated decision-making, including profiling; and

• to make a complaint to the data protection supervisory authority in your jurisdiction. 

To make a request to exercise any of these rights, please let us know by contacting us at privacy@adloox.com.

VII. SECURITY

Adloox takes the security and confidentiality of the personal data that it collects pursuant to this Privacy Policy very seriously. We implement appropriate security measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations.

Please be aware that, while we make the security of our Adloox Services and your personal information a high priority and devote considerable time and resources to maintain robust IT security, no security system can prevent all security breaches. When you choose to share your personal information with us, you accept the aforesaid and provide your information at your own risk.   

VIII. RETENTION OF PERSONAL DATA

Where we act as data controller of your personal data, we will retain such personal data systems for as long as is necessary for the relevant purpose and to maintain business records for tax, legal and regulatory reasons, or as otherwise described in this privacy policy.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements. 

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Where we act as data processor on behalf of our clients, we will retain your personal data for the length of time specified by our clients as the data controller.  

IX. LINKS TO EXTERNAL WEBSITES

Our Website may contain links to third party websites (“External Sites”). As such, we are not responsible for the privacy policies of those External Sites. You should check the applicable third-party privacy policy and terms of use when visiting any External Sites, and before providing any personal data to such External Sites.

IX. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time, and will post any changes on our Website as soon as they go into effect and, where appropriate, notify you of such changes by other means. Please refer back to this Privacy Policy on a regular basis.

X. HOW TO CONTACT US 

If you have questions about this Privacy Policy, please contact us

E-mail us at privacy@adloox.com
Or write to us at ADLOOX SAS
34 Rue Laffitte
75009 Paris
Attn: Data Protection Lead