Privacy Policy

 

WebAds Interactive Advertising BV, WebAds Srl, WebAds Interactive SL,

hereafter WebAds, declare the following:

 

1 Definitions

 

1.1 Personal data

'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

 

1.2 Visitor

'visitor' means a natural person that visits a website in the WebAds publisher network.

 

1.3 Processing

'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

 

1.4 Restriction of processing

'restriction of processing' means the marking of stored personal data with the aim of limiting their processing in the future;

 

1.5 Profiling

'profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

 

1.6 Controller

'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

 

1.7 Processor

'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

 

1.8 Recipient

'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

 

1.9 Third party

'third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

 

1.10 Consent

'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

 

1.11 Consent UI

'consent UI' means a user interface where visitor can grant or revoke consent to processing and storage of personal data;

 

1.12 Consent Management Provider

'consent management provider' means the system where the consent expressed in the consent UI is stored and managed.


 

Contents

1 Definitions

1.1 Personal data

1.2 Visitor

1.3 Processing

1.4 Restriction of processing

1.5 Profiling

1.6 Controller

1.7 Processor

1.8 Recipient

1.9 Third party

1.10 Consent

1.11 Consent UI

1.12 Consent Management Provider

2 Scope

3 Data processing and storage

3.1 IP address

3.2 Ad unit recency

4 Visitor rights

4.1 The right to be informed

4.2 The right of access

4.3 The right to rectification

4.4 The right of erasure

4.5 The right to restrict processing

4.6 The right to data portability

4.7 The right to object

4.8 Rights in relation to automated decision making and profiling

4.9 Data Protection Officer

5 Procedures

5.1 Data protection

5.2 Data retention

5.3 Data disclosure

5.4 Data destruction

6 Legal entities

6.1 WebAds Interactive Advertising BV

6.2 WebAds Srl

6.3 WebAds Interactive SL

 


 

2 Scope

 

The scope of this document is limited to:

i. the situation where visitor is exposed to WebAds ad serving technology

ii. the WebAds Publisher Network

iii. a declaration of conformity with EU Regulation 2016/679 commonly known as the General Data Protection Regulation.

 

Under these limitations, this document states what personal data is being processed, what rights the visitor has regarding the processing of this data, the procedures involved and what legal entities are involved.


 

3 Data processing and storage

 

3.1 IP address

An IP address is the virtual location in an IP network where the visitor can be reached. There is no direct relationship between IP address and geographic location. An IP address is analogous to a post office box. An IP address is considered personal data since the number of persons addressable with the IP address is limited.

 

3.1.1 data use

Visitors in our network expose their IP address to WebAds. This happens when a visitor places an HTTP request to one of our webservers. WebAds does not process IP addresses for purposes other than:

i. addressing its responses to HTTP requests

ii. financial bookkeeping

iii. fraud prevention

 

3.1.2 storage

When visitors expose their IP address to one of WebAds' webservers, it is stored in the logs of the webserver.

 

3.1.3 legal grounds for data processing and storage

Since the IP address is necessary for a webserver to deliver a proper response to the visitor upon request, the request is considered implicit consent to process and store the IP address in the webserver.

 

Since the IP address is evidence of delivery fulfilment and is used in the prevention of fraud with botnets and other forms of non-human traffic, WebAds has a legitimate interest in processing and storing IP addresses.

 

The interests of the visitor are balanced against this legitimate interest by restricting the retention period as set out in article 5.2.

 

3.1.4 data recipients

The IP address is not shared with other recipients.

 

3.1.5 exposure to third parties

The IP address is not shared with third parties.

 


 

 

 

3.2 Ad unit recency

An ad unit is a portion of a website reserved for advertisements. Ad unit recency consists of a unique identifier, a date and time on which a user was last exposed to that specific ad unit.

 

3.2.1 data use

Some ad units are more intrusive to the user experience than others. To balance ad monetization and user experience, WebAds limits the frequency of ad units by calculating the amount of time that passed since the last time a visitor was exposed to a specific ad unit.

 

3.2.2 storage

Ad unit recency is stored client side in the cookie of the page the visitor visits.

 

3.2.3 legal grounds for data processing and storage

From the ad unit recency, it can be derived when a visitor last visited this website. This is a form of behavioural profiling. WebAds seeks consent to use and store recency from the visitor through its Consent UI or 3rd party Consent Management Provider. Withholding consent will disable frequency and recency control, resulting in more and more intrusive ads.

 

3.2.4 data recipients

Ad unit recency is not actively shared with other recipients. However, with some effort data stored in the cookie of the page can be accessed by anyone with access to the main document.

 

3.2.5 exposure to third parties

Ad unit recency is not actively shared with other third parties. However, with some effort data stored in the cookie of the page can be accessed by anyone with access to the main document.

4 Visitor rights

 

4.1 The right to be informed

The visitor has the right to be informed about the processing and storage of their personal data by WebAds. This right is covered by this privacy policy. This privacy policy is available through the WebAds Consent UI and third-party Consent UIs. The WebAds Consent UI can be accessed through the privacy fingerprint button shown on websites in the WebAds Publisher Network. Third-party Consent UIs have similar points of access.

 

4.2 The right of access

The visitor has the right to access their personal data stored by WebAds. This right is covered by the data disclosure procedure set out in article 5.3.

 

4.3 The right to rectification

The visitor has the right to have inaccurate personal data rectified. Since the personal data described in article 3 does not leave room for interpretation, a request for rectification will be considered a request for erasure. The procedure for this request is set out in article 5.4.

 

4.4 The right of erasure

The visitor has the right to have personal data erased. This right is covered by the data destruction procedure set out in article 5.4.

 

4.5 The right to restrict processing

The visitor has the right to request restriction or suppression of their personal data. For the data described in article 3.1, a request for restriction will be considered a request for erasure. The procedure for this request is set out in article 5.4.

 

For the data described in article 3.2 storage and processing only takes place on the visitor's computer. Visitor can restrict storage and processing by revoking consent through the Consent UI.

 

4.6 The right to data portability

The visitor has the right to data portability. The data described in article 3 are not of generic nature. A request for data transfer will be considered a request for access. The procedure for this request is set out in article 5.3.

 

4.7 The right to object

The visitor has the right to object to the processing of their personal data. For the data described in article 3.1, objection will be considered a request for erasure. The procedure for this request is set out in article 5.4.

 

For the data described in article 3.2 storage and processing only takes place on the visitor's computer. Visitor can restrict storage and processing by revoking consent through the Consent UI.

 

4.8 Rights in relation to automated decision making and profiling

The visitor has the right to limit the influence of automated decision making and profiling. The data described in article 3.2 is used for automated decision making and profiling. Storage and processing of this data only takes place on the visitor's computer. Visitor can restrict storage, processing and thus automated decision making and profiling by revoking consent through the Consent UI.

 

4.9 Data Protection Officer

WebAds has appointed a Data Protection Officer as a central point of access for all visitors regarding all issues concerning the processing and storage of personal data. The DPO can be reached by email through dpo@webads.eu or phone: +31 (0) 20 62 616 34

 


 

5 Procedures

 

5.1 Data protection

 

The IP address as described in article 3.1 is stored in the logs of a webserver. This data is not replicated besides:

i. Virtual Machine snapshots

 

The IP address does not leave the datacentre. The datacentre is certified according to:

i. ISO 9001

ii. ISO 27001

iii. ISO 14001

iv. NEN 7510

v. PCI DSS

 

The IP address is only accessible by WebAds employees in the technical department who were trained for server maintenance and database administration. The IP address is only shared with:

i. Visitor that can prove access to the IP address.

ii. The Data Protection Officer as described in article 4.9.

 

Reporting to colleagues, management, clients and others is limited to meta data derived from the IP address. This meta data is anonymized.

 

Ad unit recency as described in article 3.2 is stored client side in the browser of the visitor. Ad Unit recency is public, not critical, not replicated and unprotected.

 

5.2 Data retention

 

The IP address as described in article 3.1 is stored in the logs of a webserver. These logs have automatic log rotation. Data is automatically deleted every 4 weeks.

 

Virtual Machine snapshots renew every 4 hours. The previous snapshot is deleted in the process.

 

Ad unit recency as described in article 3.2 is stored client side in the browser of the visitor. The retention period for ad unit recency depends on the default cookie lifetime of the browser.

 

5.3 Data disclosure

The log entries containing the IP address as described in article 3.1 will be disclosed to a visitor that can prove to have access to the IP address.

 

That visitor can address a request for information to the Data Protection Officer as described in article 4.9.

 

5.4 Data destruction

The log entries containing the IP address as described in article 3.1 will be destroyed upon verified request from a visitor that can prove to have access to the IP address.

 

That visitor can address a request for information to the Data Protection Officer as described in article 4.9.


 

6 Legal entities

The legal entities declaring this privacy policy are:

 

6.1 WebAds Interactive Advertising BV

Keizersgracht 256

1016 EV Amsterdam

The Netherlands

 

Registered under:

KVK te Amsterdam

34248860

 

6.2 WebAds Srl

Via Olmetto 21

I-20123 Milano

Italy

 

Registered under:

Codice Fiscale

01280390558

Numero Rea

01280390558 1784438

 

6.3 WebAds Interactive SL

Calle Bravo Murillo 50 1 A

Madrid 28

Spain

 

Registered under:

Mercantil de Madrid

Hoja M-491067

Tomo 27256

Folio 182

C.I.F. B-85828937