GDPR
This policy applies only to the personal data processed by ADventori through the tools and services made available to its clients. To learn about the personal data policy applying to data collected on the website, see here. This policy supplements ADventori’s General Terms and Conditions, whose definitions fully apply.
1. Position of Each Party
ADventori provides its clients with tools and services enabling the execution of advertising optimization campaigns.
These campaigns are defined, drafted, and carried out by advertisers, who are ADventori’s clients (or the clients of its clients, etc.), without ADventori having any decision-making power over these aspects. ADventori thus acts within a contractual chain. As a result, and based on factual elements and applicable regulations (in particular as interpreted by Opinion 1/2010 of the Article 29 Working Party dated 16 February 2010), ADventori is considered a “processor” for these campaigns, meaning it acts solely as a provider of tools on behalf of its clients, who themselves have the role of “data controllers.”
It is therefore the data controller clients who determine:
– the type of personal data collected and processed;
– the legal basis on which the personal data is collected;
– whether or not fully automated decision-making exists based on the personal data provided;
– the recipients or categories of recipients;
– the countries to which the personal data is transferred.
ADventori makes its best efforts to alert its clients in case their decisions do not comply with applicable law, but the responsibility for final decisions lies entirely with the clients.
Likewise, clients are solely responsible for providing all information and notices required under applicable regulations.
It is acknowledged that the measurement tool used to track and measure ADventori’s performance does not include personal data and is therefore not subject to personal data protection regulations or to this policy.
2. ADventori’s Commitments
ADventori’s obligations comprise only the following. ADventori shall indemnify the Client against any claim or action from third parties relating to these obligations and undertakes to bear, as they arise, all expenses, penalties, costs, and attorney fees that the Client may incur as a result.
Generally speaking, ADventori undertakes to comply with personal data protection regulations.
ADventori’s obligations comprise only the following. ADventori shall indemnify the Client against any claim or action from third parties relating to these obligations and undertakes to bear, as they arise, all expenses, penalties, costs, and attorney fees that the Client may incur as a result.
Generally speaking, ADventori undertakes to comply with personal data protection regulations.
a. Maintaining a Register of the Client’s Instructions
ADventori undertakes to keep a written record of the Client’s specific instructions for each Campaign regarding personal data, in an open format. By exception, operations and processing activities resulting from the execution of this agreement shall be considered as Client instructions by default.
b. Use of Subcontractors
In general, ADventori may subcontract any aspect of the contractual relationship that does not involve personal data.
However, if ADventori uses a subcontractor for processing personal data related to this agreement, ADventori shall inform the Client, who may only refuse for legitimate reasons. Silence from the Client for more than 15 days shall constitute tacit approval.
c. Responsibility
ADventori implements internal procedures demonstrating compliance with personal data regulations as a processor. Therefore, ADventori accepts that the Client may, with a 15-day written notice, send specific questions and documentation requests to ADventori. These questions must relate solely to regulatory compliance in connection with this agreement. ADventori must respond within a reasonable period, which cannot be less than one month.
By exception, ADventori must comply with shorter deadlines imposed by authorities such as CNIL (or an equivalent authority).
ADventori undertakes to cooperate with the Client in the event of audits or documentation requests from CNIL (or an equivalent authority).
d. Participation in the IAB TCF v2.2 Framework
ADventori participates in the IAB Europe Transparency & Consent Framework under Vendor ID #32. In this capacity, ADventori commits to complying with the rules and implementations established by this widely recognized privacy standard for the digital advertising industry.
e. Privacy by Design
ADventori implements internal procedures demonstrating compliance with the principles of data protection by design and by default.
f. Security
ADventori declares that it implements a set of technical and organizational security measures aimed at:
– guaranteeing the confidentiality, integrity, availability, and resilience of information systems processing personal data, in accordance with industry standards and this agreement;
– restoring, where necessary, the availability of personal data and access to it, in accordance with industry standards and this agreement.
ADventori also implements periodic testing, analysis, and evaluation procedures for the technical and organizational security measures in place.
g. Retention of Personal Data Provided by the Client
ADventori stores personal data provided under this agreement within the European Union or in a country recognized by the European Commission as providing an adequate level of protection.
ADventori will retain the personal data provided by the Client in accordance with the retention periods determined by the Client. The Client acknowledges that in the absence of written instructions, ADventori will retain the data only for 3 months after the end of the relevant Campaign. The Client assumes full responsibility for the consequences of this retention period in the absence of written instructions. Once this period ends, ADventori shall delete the relevant data.
h. Procedure in Case of a Security Breach
Although ADventori is subject to a best-effort obligation regarding IT security, in the event of a security breach ADventori undertakes to:
-
notify the Client as soon as possible and provide reasonably necessary information (within the limits of ADventori’s confidentiality obligations);
-
assist the Client and, where applicable, CNIL or any public authority;
-
reasonably participate in the implementation of corrective actions.
ADventori will maintain a history of security incidents.
i. Assistance to the Client Regarding Rights Under Regulation 2016/679
ADventori undertakes to assist the Client with any written and precise request relating to the exercise of a right or obligation under the GDPR, including:
– implementing data subjects’ rights (e.g., right to portability, access, rectification);
– participating in a privacy impact assessment (PIA).
The Parties acknowledge that if this assistance exceeds more than one hour per week, ADventori shall be entitled to charge the Client for the excess time, based on the applicable hourly rate at the date of the Client’s request.
3. Client Obligations
The Client’s obligations include the following. The Client shall indemnify ADventori against any claim or action from third parties relating to these obligations and undertakes to bear, as they arise, all expenses, penalties, costs, and attorney fees that ADventori may incur as a result.
Generally speaking, the Client undertakes to comply with personal data protection regulations.
a. Formalities with CNIL
The Client declares and warrants that it has completed all required declarations and requests for authorization necessary for the collection, processing, transfer, and retention of personal data used or required under this agreement.
b. Maintaining a Processing Register
If the Client has appointed a Data Protection Correspondent (CIL/DPO), it guarantees that it has created, maintained, and kept up to date a processing register containing all mandatory information.
In all cases, the Client undertakes to create, maintain, and keep up to date such a processing register in compliance with Regulation 2016/679.
c. Privacy Impact Assessments
The Client declares and warrants that it has conducted a privacy impact assessment for all processing activities covered by this agreement that meet the criteria of Regulation 2016/679 and/or CNIL decisions.
d. Informing Data Subjects
The Client declares and warrants that it has informed data subjects of all their rights and of the mandatory notices required under applicable regulations, and that it has collected consent where necessary in accordance with the applicable law.
Where applicable, the Client undertakes to provide information and collect consent from data subjects in accordance with GDPR, the French Data Protection Act as amended by the Ordinance of 3 December 2018, and all applicable French regulations. When necessary, the Client must re-inform and/or re-collect consent in compliance with these rules.
The Client shall draft and include General Terms and Conditions that comply with the law, this agreement, and applicable personal data regulations. The Client shall update its General Terms to reflect any changes to ADventori’s product and service functionalities and/or ADventori’s General Terms and Conditions.
e. Responsibility
The Client implements internal procedures demonstrating compliance with the regulation as a data controller.
f. Privacy by Design
The Client implements internal procedures demonstrating compliance with data protection by design and by default.
g. Security
The Client declares that it implements technical and organizational security measures aimed at:
– guaranteeing confidentiality, integrity, availability, and resilience of information systems processing personal data, in accordance with industry standards and this agreement;
– restoring, where necessary, the availability of personal data and access to it, in accordance with industry standards and this agreement.
The Client also implements periodic testing, analysis, and evaluation procedures of its security measures.
h. Retention Periods for Personal Data
As the data controller, the Client undertakes and guarantees to determine, for each type of data and each purpose, a retention period compliant with applicable regulations.
The Client undertakes to communicate these retention periods to ADventori in writing and without delay.
i. Data Protection Officer
If the Client has appointed a Data Protection Officer (DPO), it shall provide the DPO’s contact details at the time of contracting with ADventori and notify ADventori of any changes. This DPO will be ADventori’s point of contact for all issues relating to personal data protection regulations.
j. Log Level
It is reminded that personal data may only be processed for a specific purpose communicated to the data subject. Consequently, the Client may not obtain from ADventori any data, listing, logs, or other elements covered by personal data regulations unless the Client itself becomes a recipient of the data and guarantees compliance with all obligations set forth in Section 2 of this policy.
If such a transfer is required, the Parties must sign an agreement relating to the transfer of personal data in compliance with applicable regulations.
4. Data Processing
a. Personal data and technical data
ADventori collects from visitors of its customers’ website/apps, only the following:
- Personal Data : IP addresses, unique cookie ID, and behavioral data (e.g. how visitors interacted with the website or app, time of engagement, etc.)
- Technical Data : Which may include pages of a website or app visited, type of computer operation system, type of web browser, JS error, other backend technical data, etc.
b. IP address usage and retention
IP address is converted to imprecise location (circa 8km) then is stored in ADventori system for technical reasons. It is not processed at any point. We use IP address only for:
- GEO location up to the city level by using an external repository matching the IP address and the city
- Blacklist any unwanted IP addresses (per request by the customer)
- Log for system troubleshooting purposes.
c. Cookies
ADventori uses only 1 st and 3rd party cookies, with expiration of no more than 90 days.
TCF cookie disclosure
This document is up-to-date and must be maintained when changing cookies.
https://adventori.com/.well-known/tcf-adventori-device-storage-disclosure.json
Reference . Beware, CORS without cookies must be supported for client-side XHR request
Cookies on adventori.com domain (3rd party cookie) during ad-serving :
Cookie name |
Category |
Lifetime |
Goal |
sync_XXXXXXXX |
Advertising cookie |
90 days |
This cookie is used to save the result of cookie-sync with a technical partner and contains unique user identifier of the user for the partner.XXXXXXX = partner ID |
tk_ui_third |
Functional cookie |
90 days |
Third-party cookies refusal detection, contains 1 if they are accepted. |
tk_iid_PPPPPPPP |
Advertising cookie |
4 hours |
Cookie containing impression ID enabling the connection between impression and click for placements of type Tracker.PPPPPPP = placement ID. |
tk_ui |
Advertising cookie |
90 days |
Cookie containing unique and anonymous user identifier for ADventori. |
tk_tracking |
Functional cookie |
13 months |
Contains “no”, only for Opted-out users. No data collected. |
Cookies on adventori.com domain (3rd party cookie) use by site-trackers :
Cookie name |
Category |
Lifetime |
Goal |
tk_ui_third |
Functional cookie |
90 days |
Third-party cookies refusal detection, contains 1 if they are accepted. |
tk_ui |
Advertising cookie |
90 days |
Cookie containing unique and anonymous user identifier for ADventori. |
tk_tracking |
Functional cookie |
13 months |
Contains “no”, only for Opted-out users. No data collected. |
Cookies on advertiser domain (1st party cookie) use by site-trackers :
These cookies are placed only in Javascirpt tags, by answering the call to /collect/
Cookie name |
Category |
Lifetime |
Goal |
adv_iid |
Advertising cookie |
90 days |
Cookie containing impression ID enabling the connection between impression and visit. The purpose of this cookie is to allow the post-click follow-up of the visit on browser refusing third-party cookies. |
adv_ui |
Advertising cookie |
90 days |
Cookie containing unique and anonymous user identifier for ADventori. The purpose of this cookie is to allow the post-click follow-up of the visit on browser refusing third-party cookies. |
d. Data retention
Personal data related to ad impression and conversion is kept for up to 23 months. Personal data can be deleted at any time per customer request.
e. Sub-processing and data transfer
As an essential part of our services we use sub-processors that will not have access to the data collected on normal operations. Our only sub-processor is OVH.
Location of data storage (by OVH) may be determined by the customer (CA or EU or SG). Data will be transferred to EU for aggregated statistics processing and redundancy.
f. Processing
ADventori process personal data solely for the purpose of providing services to the customer as agreed under the applicable Master Services Agreement.
Customers personal data is not used for any other purpose.
ADventori do not aggregate, sell customers personal data. ADventori does not track visitors outside of its customers’ website/app. ADventori do not blend data between advertisers.
g. Pseudo-anonymization
As ADventori keeps the Cookie ID during the processing activities, the personal data is deemed PSEUDO-ANONYMOUS.
h. Data subject requests
We allow our customers and provide assistance in their efforts to comply and respond to any Data Subject Requests (DSR) relating to the personal data processed by the ADventori, such as access and deletion of personal data.
i. Blocking of personal data
Other than the personal data listed above, ADventori is not intended to process personal data such as name, email, address, phone, occupation, medical information, financial information, etc.
j. Data purge
ADventori has implemented tools and internal processes, managed and lead 24/7 by ADventori’s dedicated and trained support team, for the purpose of handling any privacy related events, and the timely provision of internal and external notifications and the purge of any excess personal data from our system, as needed.
© ADventori – Janvier 2019