PRIVACY POLICY
PRIVACY POLICY
This Privacy Policy is designed to describe how we approach your privacy as an Internet user interacting with websites that have implemented our advertising technology.
1. General information
We are an advertising technology company that provides online advertisement services to advertisers (e.g., e-shops) in the programmatic advertising environment. Our role is to give advertisers an effective tool to display ads of their products or services on publishers’ websites and mobile applications you visit (e.g., news portals). Our ads are personalized, i.e., based on the information on your previous online activity. We will display to you the ads of those advertisers whose websites or apps you had visited in the past (a service known as retargeting) or ads that we believe otherwise match your current shopping interests.
In order to serve personalized ads, we process certain information related to your online activity that helps us understand what your current shopping interests might be and allows us to display an ad and analyze how it performs. While doing so, we aim at ensuring the highest level of privacy protection and transparency. We strictly comply with all applicable privacy laws, in particular the EU General Data Protection Regulation (GDPR), Directive on Privacy and Electronic Communications (E-Privacy Directive), as well as established best practices on the digital advertising market.
2. How do we collect data
In order to collect your data, we use cookies, which are text files inserted in your web browser when you visit advertisers’ or publishers’ websites or apps, as well as other tracking technologies available on your device, such as mobile advertising ID. They allow us to register certain activities you perform on those websites or apps.
We operate under the https://www.ggads.io/ domain while providing our services. We store two cookies under this domain: (a) “u” which contains a unique ID established for the browser you use (b) “ts” which stores the timestamp needed to establish cookie lifetime.
3. What data we process
We process the following three main groups of data:
(a) Information related to your browsing activity on advertisers’ websites or apps — it helps us understand what sorts of products and services you are interested in and, consequently, determine which ads should be displayed to you to match your current shopping interests. We process this data on behalf of the advertisers for whom we conduct advertising campaigns (as a data processor), specifically for the purpose of creating your user profile.
(b) Information that you are currently entering a publisher’s website or app, where we may display an ad to you — it comes within a so called bid request, which is an offer to buy an advertising space on the publisher’s website or app in order to display an ad (for details, see Section 4 below). We process this information as a data controller for the purposes of displaying ads, ad measurement, brand safety, product development, and fraud detection.
(c) Information regarding the delivery of our ads, i.e., impressions of an ad (e.g., whether we displayed an ad to you and, if so, which ad we selected) and your interactions with an ad (e.g., whether you clicked on it). We process this information as a data controller for the purposes of displaying ads (in particular for frequency capping and ad rotation), ad measurement, and product development.
You may find a full list of categories of data we process as a data controller in our GDPR privacy notice (see Section 5 below).
While providing our services, we do not collect personally identifiable information (PII), such as names, e-mail addresses, postal addresses, telephone numbers, or financial data, such as credit card details.
We do not receive any additional data from advertisers or partners, which, along with the data collected by our technology, would enable us to directly identify you.
4. How we use your data
While you are visiting an advertiser’s website or app (e.g., an e-shop), we collect certain information related to your activity there, such as which items you viewed, put in the basket, and bought. Those browsing patterns on the advertiser’s website or app help us understand what sorts of products and services you are currently interested in and thus display to you, on publishers’ digital properties (e.g., news portals), only ads compatible with these interests.
We display our personalized ads with the use of a programmatic instantaneous auction system known as real-time bidding (RTB). Real-time bidding procedure happens at the moment you enter a publisher’s website or app that offers an advertising space for sale. While such website is loading, a bid request is sent to us by the publisher or our business partner cooperating with the publisher (e.g., supply-side platform, SSP) inviting us to buy a certain ad space. After receiving such bid request, our technology uses information about your previous browsing activity on advertisers’ websites or apps to decide whether to buy the auctioned ad space and, if so, which ad to display.
For instance, if you had recently visited our client’s e-shop looking for running shoes, we may display to you an ad of those same running shoes you had viewed there and similar running shoes or complementary products, such as running clothes offered by that advertiser.
We may also use information on the content of the website where the ad is to be displayed for the additional personalization of this particular ad. However, we never use such website content to personalize future ads, in particular we do not assign this information to your user profile in order to categorize you (e.g., by assigning you to a particular population segment) or try to determine your shopping interests on the basis of your browsing history on publishers’ websites or apps.
Moreover, we do not use your browsing data across advertisers, which means that a browsing activity from one advertiser’s website or app does not affect other advertisers’ ads we display. For instance, the fact that you looked for swimming equipment in an e-shop of our client “A” will not result in us displaying you swimming equipment from an e-shop of our client “B” (unless you had previously browsed similar products on “B” e-shop as well).
After we display an ad to you, we collect information regarding ad impressions (e.g., that we indeed displayed an ad to you, which ad was selected, and when and on what type of device it was displayed) and your interactions with the ad (mainly whether you clicked on it or not). We use this information for the analysis of how our ads perform, for the creation of statistical reports for advertisers regarding the delivery of their ads, and subsequently for attribution and billing purposes. We also process this data for the control of the frequency of ads we display to you (frequency capping) and for product development purposes.
Our platform is integrated with the RTB environment through matching of our technical identifiers, e.g., cookie IDs or mobile advertising IDs (“cookie matching”) with those used by our business partners. It enables us to (a) receive a bid request and eventually serve an ad on a publisher’s website or app that uses our business partners’ digital advertising technology and (b) collect information related to our ad serving activities.
Upon an advertiser’s specific request and on the basis of the information provided by such advertiser, we may perform cross-device tracking that consists of displaying the same categories of ads of this particular advertiser’s products or services on different devices you use (e.g. laptops and smartphones). We do not, however, perform specific data analyses in order to link the devices you use on the basis of the patterns of your online behavior (i.e., we do not conduct probabilistic cross-device tracking).
We also use your personal data for the detection of frauds and other potential dangers to privacy security, for the calculation of the usage levels of our technology, and for brand safety purposes, i.e., to analyze whether publishers’ websites are a suitable environment for our ads to be displayed and to develop and improve our products.
We do not purchase any third-party data from data providers for service optimization purposes or sell data we process to any third parties.
Advertisers and publishers whose websites or apps you visit may independently collect and use your data for different purposes. Please consult their privacy policies for more information in this regard.
5. Personal Data Processing (GDPR)
Although, as described above, we do not collect personally identifiable information (PII), the data we do process is tied to unique online identification numbers that, under the GDPR, are considered “online identifiers” that allow us to “single out” a specific user from other users. According to the GDPR, such information may be considered personal data (this type of non-personally identifiable data is referred to as “pseudonymous data”). Consequently, in cases where the GDPR applies to our services, we assure compliance with all the requirements established by this regulation.
We have also appointed a data protection officer, whom you may contact if you have further questions. Please see Section 9 below for the Data Protection Officer contact details.
As a part of the GDPR compliance program, we have joined the IAB Europe Transparency & Consent Framework (TCF) as a registered vendor (ID No.: 16) and comply with the TCF policies. For more information, please visit https://iabeurope.eu/.
As mentioned above, some of the data we use for providing services, we process as a data controller, which means we are solely responsible for it, and some – as a data processor i.e. on behalf of advertisers. You may access a set of information required by the GDPR pertaining to our data processing activities as a data controller in our GDPR Privacy Notice.
5.1. Data Controllers
Andy Son, andy@ggads.io
5.2. Purpose of the processing
We will process your personal data, which includes storing and accessing certain information on your device (such as cookies or device identifiers) in order to carry out the following:
5.3. Categories of personal data
For the above purposes, we will process the following categories of your personal data:
5.4. Legal basis for the processing
The legal basis for storage and/or access information on your device as well as for the processing of your personal data for the purposes:(1) use limited data to select advertising, (2) create profiles for personalised advertising, (3) use profiles to select personalised advertising, (4) measure advertising performance, (5) understand audiences through statistics or combinations of data from different sources, (6) develop and improve services, is the consent you give on publishers’ websites or apps. You are entitled to withdraw the consent to the processing of your personal data and storing and/or accessing information on your device by us at any moment. You may do so by contacting us directly at: privacy@ggads.io.
With respect to ensuring security, preventing fraud, and fixing errors, as well as with respect to delivering and presenting advertising, the legal basis for the processing of your personal data is the legitimate interest of the controller, pursuant to Article 6 Section 1 (f) of the GDPR.
5.5. Sources of the personal data
We obtain your data either from publishers, on whose digital properties we display our advertisements, or from supply-side platforms (SSPs), cooperating with publishers for the purposes of delivering personalized advertisements. An example of an SSP we cooperate with is Google AdX. You can read more about Google's privacy practices and its use of cookies on this website.
We collect some of the information, such as data related to ad impressions and your interactions with ads, ourselves from publishers’ websites or apps.
5.6. Recipients of the personal data
We may transfer your data to our processors (e.g., IT service providers and data centers) where such entities process data on the basis of a contract with us and only in accordance with our instructions.
We may also transfer very limited amounts of data to our business partners (e.g., SSPs) in a response to a bid request in order to be technically able to display an ad.
5.7. Data subject’s rights
You have the following rights with respect to your personal data:
5.9. Profiling
Within the scope of processing that we undertake as a data controller, we conduct activities that may be deemed “profiling” of your personal data only to a very limited extent (i.e., analysis of data regarding ad impressions and your interactions with our ads for ad measurement purposes).
We do, however, conduct profiling with respect to the data related to your browsing activity on advertisers’ websites or apps (i.e., data we process on behalf of advertisers, as a data processor). We analyze it in order to display to you an ad that we believe you will be most interested in, as described in Section 4 above.
In any case, the profiling does not produce any legal effects toward users or similarly significantly affects them. In particular, it does not result in price discrimination among the users based on their behavioral profile.
5.10. Retention periods
We immediately delete all data received in bid requests, except for a minor fraction needed for statistical and analytical purposes (including brand safety and fraud detection), which is stored for no more than 100 days.
The data regarding ad impressions and your interactions with the ad is kept as long as it is needed for statistical, settlement, and product development purposes. It is stored for no longer than 500 days from its collection, except that the data from ad interactions is stored for additional 65 days on our backup systems, where it is not actively used and is deleted according to the predefined retention schedule.
After the lapse of periods specified above, the data is truncated or effectively anonymized.
In any case, we promptly respond to data subject requests related to the execution of the right to be forgotten by deleting all personal data covered by a given request.
5.11. Transfers to third country and safeguards
We shall not transfer or permit any of your personal data to be transferred to a territory outside of the European Economic Area unless we have taken such measures that are necessary to ensure that the transfer is in compliance with applicable laws. Such measures may include (without limitation) transferring personal data to a recipient in a country that the European Commission has decided provides adequate protection for personal data as referred to in Article 45 of the GDPR.
If you wish to find the list of the countries that the European Commission recognized as providing adequate protection, then click here.
5.12. Further Processing
If we need to use your personal data for a purpose not covered by this notice, then we will provide you with a new notice explaining such new use, prior to commencing the processing, and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing operation.
5.13. Data Protection Officer
We have appointed a data protection officer. It is a person you may contact regarding any issues related to privacy issues and the exercise of your rights concerning the processing of your personal data.
You may contact our Data Protection Officer: Andy Son
by mail to the following address: andy@ggads.io
5.14. Contact details and lodging a complaint with supervisory authority
To exercise all relevant rights and the queries of complaints, please contact privacy@ggads.io
You are also entitled to lodge a complaint with the competent supervisory authority, in particular in the Member State of your habitual residence, place of work, or an alleged infringement of the GDPR.
6. CCPA Privacy Policy
In these California Consumer Privacy Act Disclosures (“CCPA Disclosures”), we, RTB House Inc. (“RTB House”, “we”) disclosure information about our data processing practices as required by the California Consumer Privacy Act of 2018 (“CCPA). These CCPA Disclosures are effective January 1, 2020. You can download a PDF version here.
I. Who and what information is subject to these CCPA Disclosures? California residents are protected as “consumers” by the California Consumer Privacy Act of 2018 (“CCPA”) with respect to personal information.
II. How can a consumer with a disability access these CCPA Disclosures? Consumers who have a visual disability may be able to use a screen reader or other text-to-speech or text-to-Braille tool to review the contents of this notice.
III. CCPA Privacy Policy We are providing the disclosures about consumer rights and our personal information handling practices in the preceding twelve months, as required by the CCPA and regulations of the California Attorney General, including §999.308. You may access a set of information required by the CCPA pertaining to our data processing activities as a business under the CCPA in our CCPA Privacy Policy
6.1. Right to Know About Personal InformationCollected, Disclosed, or Sold
This CCPA Privacy Policy describes personal information we generally collect, use, disclose about California residents. You have the right to request that we disclose what personal information we collect, use and disclose about you specifically (“right to know”). To submit a request to exercise the right to know, please submit an email request to privacy@ggads.io and include “California Request to Know”. Please specify in your request the details you would like to know, including any specific pieces of personal information you would like to access.
We will ask that you provide certain information to verify your identity. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal information at issue. We will respond to your request in accordance with the CCPA. If we deny your request, we will explain why.
6.2. Our Personal Information Handling Practices
We have set out below categories of personal information we have collected about California residents in the preceding 12 months and, for each category of personal information collected, the categories of sources from which that information was collected, the business or commercial purposes for which the information was collected and the categories of third parties with whom we shared the personal information.
6.2.1. Category of personal information Identifiers such as an unique online
identifiers (including cookie IDs and mobile advertising IDs)
We collected such personal information to use for the following business or commercial purposes: (a) use limited data to select advertising, (b) create profiles for personalised advertising, (c) use profiles to select personalised advertising, (d) measure advertising performance, (e) understand audiences through statistics or combinations of data from different sources, (f) develop and improve services, (g) ensure security, prevent and detect fraud, and fix errors (h) deliver and present advertising and content.
We have collected such personal information from the following categories of sources: Our business partners i.e.: (a) Supply Side Platforms (b) Publishers
6.2.2. Category of personal information Identifiers such as an Internet Protocol address indicating your general (non-specific) location (Geolocation data.)
We collected such personal information to use for the following business or commercial purposes: (a) use limited data to select advertising, (b) create profiles for personalised advertising, (c) use profiles to select personalised advertising, (d) measure advertising performance, (e) understand audiences through statistics or combinations of data from different sources, (f) develop and improve services, (g) ensure security, prevent and detect fraud, and fix errors (h) deliver and present advertising and content.
We have collected such personal information from the following categories of sources: Our business partners i.e.: (a) Supply Side Platforms (b) Publishers.
6.2.3. Category of personal information Internet or other electronic network activity information, including browsing history and information regarding a consumer’s interaction with an Internet Web site, application or advertisement i.e.: (a) URLs of the web pages you visited (“referrer”) (b) data related to ad impressions and your interactions with our ads on publishers’ websites or apps (c) technical browser and device information (“user agent”) (d) timestamps.
We collected such personal information to use for the following business or commercial purposes: (a) use limited data to select advertising, (b) create profiles for personalised advertising, (c) use profiles to select personalised advertising, (d) measure advertising performance, (e) understand audiences through statistics or combinations of data from different sources, (f) develop and improve services, (g) ensure security, prevent and detect fraud, and fix errors (h) deliver and present advertising and content.
We have collected such personal information from the following categories of sources: Our business partners i.e.: (a) Supply Side Platforms (b) Publishers.
6.3. Disclosures and Sale of Personal Information
Over the preceding 12 months, we have not sold any categories of California residents’ personal information to third parties. We disclosed the following categories of California residents’ personal information to Supply Side Platforms: online identifiers.
6.4. Right to Request Deletion of Personal Information
You have a right to request the deletion of personal information that we collect or maintain about you. To submit a request to delete personal information, please submit an email request to privacy@ggads.io and include “California Request to Delete” in the subject line. Please specify in your request the personal information about you that you would like to have deleted, which can be all of your personal information as required by the CCPA. We will ask that you provide certain information to verify your identity. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal information at issue. Once we have verified your identity, we will ask you to confirm that you wish to have your personal information deleted. Once confirmed, we will respond to your request in accordance with the CCPA. If we deny your request, we will explain why.
6.5. Right to Opt-Out of the Sale of Personal Information
You have the right to opt-out of the sale of your personal information by a business. We do not, and will not, sell your personal information.
6.6. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You may not be discriminated against because you exercise any of your rights under the CCPA in violation of Cal. Civ. Code §1798.125.
6.7. Authorized Agent
You can designate an authorized agent to make a request under the CCPA on your behalf if:
If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please have the authorized agent take the following steps in addition to the steps described in Sections 2 and 3 above:
Mail a certified copy of your written declaration authorizing the authorized agent to act on your behalf to privacy@ggads.io and
Provide any information we request in our response to your email to verify your identity. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal information at issue.
If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
6.8. Contact for More Information
If you have questions or concerns regarding our privacy policy or practices, you may contact us using the following details:
Email address:privacy@ggads.io
7. Data Security Measures
We have implemented organizational and technical measures to assure an appropriate level of security of your data. We have deployed procedures regarding every aspect of data processing, and we carefully select technologies used for such processing and any data recipients.
Your data is protected against human interactions, equipment malfunctions, internal or external attacks, losses, or misuses. We store it in top-tier multi-tenant data centers operated by market-leading companies with appropriate data security certifications (in particular ISO 27001). In order to ensure the ongoing confidentiality and availability of your data, we use encryption and a back-up mechanism.
We constantly monitor the implemented security measures and develop the awareness and knowledge about privacy and personal data protection at our company on an ongoing basis.
8. Privacy Policy Changes
In order to develop the privacy protection, we may deem it fit or necessary to update this Privacy Policy at any time. Please follow our website where we will inform you about any material changes to our Privacy Policy.
9. Contact
If you have any further questions related to your privacy, please do not hesitate to contact our Data Protection Officer at the following:
Data Protection Officer
Andy Son, andy@ggads.io
Last updated: 1 November 2023
1. General information
We are an advertising technology company that provides online advertisement services to advertisers (e.g., e-shops) in the programmatic advertising environment. Our role is to give advertisers an effective tool to display ads of their products or services on publishers’ websites and mobile applications you visit (e.g., news portals). Our ads are personalized, i.e., based on the information on your previous online activity. We will display to you the ads of those advertisers whose websites or apps you had visited in the past (a service known as retargeting) or ads that we believe otherwise match your current shopping interests.
In order to serve personalized ads, we process certain information related to your online activity that helps us understand what your current shopping interests might be and allows us to display an ad and analyze how it performs. While doing so, we aim at ensuring the highest level of privacy protection and transparency. We strictly comply with all applicable privacy laws, in particular the EU General Data Protection Regulation (GDPR), Directive on Privacy and Electronic Communications (E-Privacy Directive), as well as established best practices on the digital advertising market.
2. How do we collect data
In order to collect your data, we use cookies, which are text files inserted in your web browser when you visit advertisers’ or publishers’ websites or apps, as well as other tracking technologies available on your device, such as mobile advertising ID. They allow us to register certain activities you perform on those websites or apps.
We operate under the https://www.ggads.io/ domain while providing our services. We store two cookies under this domain: (a) “u” which contains a unique ID established for the browser you use (b) “ts” which stores the timestamp needed to establish cookie lifetime.
3. What data we process
We process the following three main groups of data:
(a) Information related to your browsing activity on advertisers’ websites or apps — it helps us understand what sorts of products and services you are interested in and, consequently, determine which ads should be displayed to you to match your current shopping interests. We process this data on behalf of the advertisers for whom we conduct advertising campaigns (as a data processor), specifically for the purpose of creating your user profile.
(b) Information that you are currently entering a publisher’s website or app, where we may display an ad to you — it comes within a so called bid request, which is an offer to buy an advertising space on the publisher’s website or app in order to display an ad (for details, see Section 4 below). We process this information as a data controller for the purposes of displaying ads, ad measurement, brand safety, product development, and fraud detection.
(c) Information regarding the delivery of our ads, i.e., impressions of an ad (e.g., whether we displayed an ad to you and, if so, which ad we selected) and your interactions with an ad (e.g., whether you clicked on it). We process this information as a data controller for the purposes of displaying ads (in particular for frequency capping and ad rotation), ad measurement, and product development.
You may find a full list of categories of data we process as a data controller in our GDPR privacy notice (see Section 5 below).
While providing our services, we do not collect personally identifiable information (PII), such as names, e-mail addresses, postal addresses, telephone numbers, or financial data, such as credit card details.
We do not receive any additional data from advertisers or partners, which, along with the data collected by our technology, would enable us to directly identify you.
4. How we use your data
While you are visiting an advertiser’s website or app (e.g., an e-shop), we collect certain information related to your activity there, such as which items you viewed, put in the basket, and bought. Those browsing patterns on the advertiser’s website or app help us understand what sorts of products and services you are currently interested in and thus display to you, on publishers’ digital properties (e.g., news portals), only ads compatible with these interests.
We display our personalized ads with the use of a programmatic instantaneous auction system known as real-time bidding (RTB). Real-time bidding procedure happens at the moment you enter a publisher’s website or app that offers an advertising space for sale. While such website is loading, a bid request is sent to us by the publisher or our business partner cooperating with the publisher (e.g., supply-side platform, SSP) inviting us to buy a certain ad space. After receiving such bid request, our technology uses information about your previous browsing activity on advertisers’ websites or apps to decide whether to buy the auctioned ad space and, if so, which ad to display.
For instance, if you had recently visited our client’s e-shop looking for running shoes, we may display to you an ad of those same running shoes you had viewed there and similar running shoes or complementary products, such as running clothes offered by that advertiser.
We may also use information on the content of the website where the ad is to be displayed for the additional personalization of this particular ad. However, we never use such website content to personalize future ads, in particular we do not assign this information to your user profile in order to categorize you (e.g., by assigning you to a particular population segment) or try to determine your shopping interests on the basis of your browsing history on publishers’ websites or apps.
Moreover, we do not use your browsing data across advertisers, which means that a browsing activity from one advertiser’s website or app does not affect other advertisers’ ads we display. For instance, the fact that you looked for swimming equipment in an e-shop of our client “A” will not result in us displaying you swimming equipment from an e-shop of our client “B” (unless you had previously browsed similar products on “B” e-shop as well).
After we display an ad to you, we collect information regarding ad impressions (e.g., that we indeed displayed an ad to you, which ad was selected, and when and on what type of device it was displayed) and your interactions with the ad (mainly whether you clicked on it or not). We use this information for the analysis of how our ads perform, for the creation of statistical reports for advertisers regarding the delivery of their ads, and subsequently for attribution and billing purposes. We also process this data for the control of the frequency of ads we display to you (frequency capping) and for product development purposes.
Our platform is integrated with the RTB environment through matching of our technical identifiers, e.g., cookie IDs or mobile advertising IDs (“cookie matching”) with those used by our business partners. It enables us to (a) receive a bid request and eventually serve an ad on a publisher’s website or app that uses our business partners’ digital advertising technology and (b) collect information related to our ad serving activities.
Upon an advertiser’s specific request and on the basis of the information provided by such advertiser, we may perform cross-device tracking that consists of displaying the same categories of ads of this particular advertiser’s products or services on different devices you use (e.g. laptops and smartphones). We do not, however, perform specific data analyses in order to link the devices you use on the basis of the patterns of your online behavior (i.e., we do not conduct probabilistic cross-device tracking).
We also use your personal data for the detection of frauds and other potential dangers to privacy security, for the calculation of the usage levels of our technology, and for brand safety purposes, i.e., to analyze whether publishers’ websites are a suitable environment for our ads to be displayed and to develop and improve our products.
We do not purchase any third-party data from data providers for service optimization purposes or sell data we process to any third parties.
Advertisers and publishers whose websites or apps you visit may independently collect and use your data for different purposes. Please consult their privacy policies for more information in this regard.
5. Personal Data Processing (GDPR)
Although, as described above, we do not collect personally identifiable information (PII), the data we do process is tied to unique online identification numbers that, under the GDPR, are considered “online identifiers” that allow us to “single out” a specific user from other users. According to the GDPR, such information may be considered personal data (this type of non-personally identifiable data is referred to as “pseudonymous data”). Consequently, in cases where the GDPR applies to our services, we assure compliance with all the requirements established by this regulation.
We have also appointed a data protection officer, whom you may contact if you have further questions. Please see Section 9 below for the Data Protection Officer contact details.
As a part of the GDPR compliance program, we have joined the IAB Europe Transparency & Consent Framework (TCF) as a registered vendor (ID No.: 16) and comply with the TCF policies. For more information, please visit https://iabeurope.eu/.
As mentioned above, some of the data we use for providing services, we process as a data controller, which means we are solely responsible for it, and some – as a data processor i.e. on behalf of advertisers. You may access a set of information required by the GDPR pertaining to our data processing activities as a data controller in our GDPR Privacy Notice.
5.1. Data Controllers
Andy Son, andy@ggads.io
5.2. Purpose of the processing
We will process your personal data, which includes storing and accessing certain information on your device (such as cookies or device identifiers) in order to carry out the following:
- use limited data to select advertising,
- create profiles for personalised advertising,
- use profiles to select personalised advertising,
- measure advertising performance,
- understand audiences through statistics or combinations of data from different sources,
- develop and improve services,
- ensure security, prevent and detect fraud, and fix errors,
- deliver and present advertising and content.
5.3. Categories of personal data
For the above purposes, we will process the following categories of your personal data:
- unique online identifiers (including cookie IDs and mobile advertising IDs);
- URLs of the web pages you visited (“referrer”);
- data related to ad impressions and your interactions with our ads on publishers’ websites or apps;
- technical browser and device information (“user agent”);
- timestamps
- IP addresses indicating your general (non-specific) location.
5.4. Legal basis for the processing
The legal basis for storage and/or access information on your device as well as for the processing of your personal data for the purposes:(1) use limited data to select advertising, (2) create profiles for personalised advertising, (3) use profiles to select personalised advertising, (4) measure advertising performance, (5) understand audiences through statistics or combinations of data from different sources, (6) develop and improve services, is the consent you give on publishers’ websites or apps. You are entitled to withdraw the consent to the processing of your personal data and storing and/or accessing information on your device by us at any moment. You may do so by contacting us directly at: privacy@ggads.io.
With respect to ensuring security, preventing fraud, and fixing errors, as well as with respect to delivering and presenting advertising, the legal basis for the processing of your personal data is the legitimate interest of the controller, pursuant to Article 6 Section 1 (f) of the GDPR.
5.5. Sources of the personal data
We obtain your data either from publishers, on whose digital properties we display our advertisements, or from supply-side platforms (SSPs), cooperating with publishers for the purposes of delivering personalized advertisements. An example of an SSP we cooperate with is Google AdX. You can read more about Google's privacy practices and its use of cookies on this website.
We collect some of the information, such as data related to ad impressions and your interactions with ads, ourselves from publishers’ websites or apps.
5.6. Recipients of the personal data
We may transfer your data to our processors (e.g., IT service providers and data centers) where such entities process data on the basis of a contract with us and only in accordance with our instructions.
We may also transfer very limited amounts of data to our business partners (e.g., SSPs) in a response to a bid request in order to be technically able to display an ad.
5.7. Data subject’s rights
You have the following rights with respect to your personal data:
- the right to withdraw your consent to the processing at any time, e.g., by means of an opt-out procedure without affecting the lawfulness of processing based on consent before its withdrawal;
- the right to object to the processing of the personal data for direct marketing purposes or, on grounds relating to your particular situation, whenever the legal basis for processing is controllers’ legitimate interest;
- the right to access to the personal data;
- the right to obtain from the controller restriction of processing as referred to in Article 18 of GDPR;
- the right to request that your personal data be corrected if it is found to be inaccurate or out of date;
- the right to request your personal data be erased where it is no longer necessary for us to retain such data;
- the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing; and
- the right to request that we provide you with your personal data and where possible to transmit that data directly to another data controller. You are entitled to request a copy of your personal data processed by us.
5.9. Profiling
Within the scope of processing that we undertake as a data controller, we conduct activities that may be deemed “profiling” of your personal data only to a very limited extent (i.e., analysis of data regarding ad impressions and your interactions with our ads for ad measurement purposes).
We do, however, conduct profiling with respect to the data related to your browsing activity on advertisers’ websites or apps (i.e., data we process on behalf of advertisers, as a data processor). We analyze it in order to display to you an ad that we believe you will be most interested in, as described in Section 4 above.
In any case, the profiling does not produce any legal effects toward users or similarly significantly affects them. In particular, it does not result in price discrimination among the users based on their behavioral profile.
5.10. Retention periods
We immediately delete all data received in bid requests, except for a minor fraction needed for statistical and analytical purposes (including brand safety and fraud detection), which is stored for no more than 100 days.
The data regarding ad impressions and your interactions with the ad is kept as long as it is needed for statistical, settlement, and product development purposes. It is stored for no longer than 500 days from its collection, except that the data from ad interactions is stored for additional 65 days on our backup systems, where it is not actively used and is deleted according to the predefined retention schedule.
After the lapse of periods specified above, the data is truncated or effectively anonymized.
In any case, we promptly respond to data subject requests related to the execution of the right to be forgotten by deleting all personal data covered by a given request.
5.11. Transfers to third country and safeguards
We shall not transfer or permit any of your personal data to be transferred to a territory outside of the European Economic Area unless we have taken such measures that are necessary to ensure that the transfer is in compliance with applicable laws. Such measures may include (without limitation) transferring personal data to a recipient in a country that the European Commission has decided provides adequate protection for personal data as referred to in Article 45 of the GDPR.
If you wish to find the list of the countries that the European Commission recognized as providing adequate protection, then click here.
5.12. Further Processing
If we need to use your personal data for a purpose not covered by this notice, then we will provide you with a new notice explaining such new use, prior to commencing the processing, and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing operation.
5.13. Data Protection Officer
We have appointed a data protection officer. It is a person you may contact regarding any issues related to privacy issues and the exercise of your rights concerning the processing of your personal data.
You may contact our Data Protection Officer: Andy Son
by mail to the following address: andy@ggads.io
5.14. Contact details and lodging a complaint with supervisory authority
To exercise all relevant rights and the queries of complaints, please contact privacy@ggads.io
You are also entitled to lodge a complaint with the competent supervisory authority, in particular in the Member State of your habitual residence, place of work, or an alleged infringement of the GDPR.
6. CCPA Privacy Policy
In these California Consumer Privacy Act Disclosures (“CCPA Disclosures”), we, RTB House Inc. (“RTB House”, “we”) disclosure information about our data processing practices as required by the California Consumer Privacy Act of 2018 (“CCPA). These CCPA Disclosures are effective January 1, 2020. You can download a PDF version here.
I. Who and what information is subject to these CCPA Disclosures? California residents are protected as “consumers” by the California Consumer Privacy Act of 2018 (“CCPA”) with respect to personal information.
II. How can a consumer with a disability access these CCPA Disclosures? Consumers who have a visual disability may be able to use a screen reader or other text-to-speech or text-to-Braille tool to review the contents of this notice.
III. CCPA Privacy Policy We are providing the disclosures about consumer rights and our personal information handling practices in the preceding twelve months, as required by the CCPA and regulations of the California Attorney General, including §999.308. You may access a set of information required by the CCPA pertaining to our data processing activities as a business under the CCPA in our CCPA Privacy Policy
6.1. Right to Know About Personal InformationCollected, Disclosed, or Sold
This CCPA Privacy Policy describes personal information we generally collect, use, disclose about California residents. You have the right to request that we disclose what personal information we collect, use and disclose about you specifically (“right to know”). To submit a request to exercise the right to know, please submit an email request to privacy@ggads.io and include “California Request to Know”. Please specify in your request the details you would like to know, including any specific pieces of personal information you would like to access.
We will ask that you provide certain information to verify your identity. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal information at issue. We will respond to your request in accordance with the CCPA. If we deny your request, we will explain why.
6.2. Our Personal Information Handling Practices
We have set out below categories of personal information we have collected about California residents in the preceding 12 months and, for each category of personal information collected, the categories of sources from which that information was collected, the business or commercial purposes for which the information was collected and the categories of third parties with whom we shared the personal information.
6.2.1. Category of personal information Identifiers such as an unique online
identifiers (including cookie IDs and mobile advertising IDs)
We collected such personal information to use for the following business or commercial purposes: (a) use limited data to select advertising, (b) create profiles for personalised advertising, (c) use profiles to select personalised advertising, (d) measure advertising performance, (e) understand audiences through statistics or combinations of data from different sources, (f) develop and improve services, (g) ensure security, prevent and detect fraud, and fix errors (h) deliver and present advertising and content.
We have collected such personal information from the following categories of sources: Our business partners i.e.: (a) Supply Side Platforms (b) Publishers
6.2.2. Category of personal information Identifiers such as an Internet Protocol address indicating your general (non-specific) location (Geolocation data.)
We collected such personal information to use for the following business or commercial purposes: (a) use limited data to select advertising, (b) create profiles for personalised advertising, (c) use profiles to select personalised advertising, (d) measure advertising performance, (e) understand audiences through statistics or combinations of data from different sources, (f) develop and improve services, (g) ensure security, prevent and detect fraud, and fix errors (h) deliver and present advertising and content.
We have collected such personal information from the following categories of sources: Our business partners i.e.: (a) Supply Side Platforms (b) Publishers.
6.2.3. Category of personal information Internet or other electronic network activity information, including browsing history and information regarding a consumer’s interaction with an Internet Web site, application or advertisement i.e.: (a) URLs of the web pages you visited (“referrer”) (b) data related to ad impressions and your interactions with our ads on publishers’ websites or apps (c) technical browser and device information (“user agent”) (d) timestamps.
We collected such personal information to use for the following business or commercial purposes: (a) use limited data to select advertising, (b) create profiles for personalised advertising, (c) use profiles to select personalised advertising, (d) measure advertising performance, (e) understand audiences through statistics or combinations of data from different sources, (f) develop and improve services, (g) ensure security, prevent and detect fraud, and fix errors (h) deliver and present advertising and content.
We have collected such personal information from the following categories of sources: Our business partners i.e.: (a) Supply Side Platforms (b) Publishers.
6.3. Disclosures and Sale of Personal Information
Over the preceding 12 months, we have not sold any categories of California residents’ personal information to third parties. We disclosed the following categories of California residents’ personal information to Supply Side Platforms: online identifiers.
6.4. Right to Request Deletion of Personal Information
You have a right to request the deletion of personal information that we collect or maintain about you. To submit a request to delete personal information, please submit an email request to privacy@ggads.io and include “California Request to Delete” in the subject line. Please specify in your request the personal information about you that you would like to have deleted, which can be all of your personal information as required by the CCPA. We will ask that you provide certain information to verify your identity. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal information at issue. Once we have verified your identity, we will ask you to confirm that you wish to have your personal information deleted. Once confirmed, we will respond to your request in accordance with the CCPA. If we deny your request, we will explain why.
6.5. Right to Opt-Out of the Sale of Personal Information
You have the right to opt-out of the sale of your personal information by a business. We do not, and will not, sell your personal information.
6.6. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You may not be discriminated against because you exercise any of your rights under the CCPA in violation of Cal. Civ. Code §1798.125.
6.7. Authorized Agent
You can designate an authorized agent to make a request under the CCPA on your behalf if:
- The authorized agent is a natural person or a business entity registered with the Secretary of State of California; and
- You sign a written declaration that you authorize the authorized agent to act on your behalf.
If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please have the authorized agent take the following steps in addition to the steps described in Sections 2 and 3 above:
Mail a certified copy of your written declaration authorizing the authorized agent to act on your behalf to privacy@ggads.io and
Provide any information we request in our response to your email to verify your identity. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal information at issue.
If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
6.8. Contact for More Information
If you have questions or concerns regarding our privacy policy or practices, you may contact us using the following details:
Email address:privacy@ggads.io
7. Data Security Measures
We have implemented organizational and technical measures to assure an appropriate level of security of your data. We have deployed procedures regarding every aspect of data processing, and we carefully select technologies used for such processing and any data recipients.
Your data is protected against human interactions, equipment malfunctions, internal or external attacks, losses, or misuses. We store it in top-tier multi-tenant data centers operated by market-leading companies with appropriate data security certifications (in particular ISO 27001). In order to ensure the ongoing confidentiality and availability of your data, we use encryption and a back-up mechanism.
We constantly monitor the implemented security measures and develop the awareness and knowledge about privacy and personal data protection at our company on an ongoing basis.
8. Privacy Policy Changes
In order to develop the privacy protection, we may deem it fit or necessary to update this Privacy Policy at any time. Please follow our website where we will inform you about any material changes to our Privacy Policy.
9. Contact
If you have any further questions related to your privacy, please do not hesitate to contact our Data Protection Officer at the following:
Data Protection Officer
Andy Son, andy@ggads.io
Last updated: 1 November 2023