Last update 18.April.2018
Adludio Limited (“Adludio”, “we”, “us” or “our”) provides a creative solution for digital branded content (including video and non video), facilitating the development, serving and distribution of digital ads on mobile environments, and other digital devices and connected environments including computers.
Adludio offers a creative as a service via our creative platform Adludio Direct (“Platform” or “Adludio Direct”), and a full stack advertising solution which includes the development, serving and distribution of advertising content online.
The information we collect depends on what products or services you use and how you use them. This policy applies to:
• “Platform Users” -- users of our creative platform Adludio Direct, creative as a service, provided through our Sites;
• “End Users” -- end users of our digital advertisements created through and/or trafficked by Adludio products or services.
• It aims to explain clearly what information we collect with your permission, what we do with it and, and what we do not do with that information;
• It holds us accountable for protecting your rights and privacy under this policy.
It also lays out in detail the ways in which you are consenting your information to be collected, processed and used including:
• The transfer of your information outside your country of residence
• The transfer of your non-personal information between trusted partners and third party entities as described in this policy, in order to fulfil a service as agreed by you, Adludio and/or tsuch entities;
• The collection, processing, use, disclosure and retention of your information by all entities as described in this policy, including Adludio as Data Controller and Data Processor (as applicable).
Glossary of terms
For purposes of this policy:
• “Personal Information” for residents of the European Economic Area means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. This includes IP address and advertising ID (IDFA/AAID).
• “Non-Personal Information” means information not included in the definition of Personal Information, such as pages or ads visited, time spent on pages, browser and device type, and referring and exit pages. For non-residents of the European Economic Area, IP address and advertising IDs (IDFA/AAID) are Non-Personal Information.
A list of additional terms for reference:
• “Ad(s)” -- a digital advertisement or “adunit”
• “Sensory ads” -- Adludio’s user-engagement ad product, Sensory Ads are served on the premise that a user must voluntarily and actively participate with an ad experience by fullfiling a digital “gesture-based” (using the computer cursor, mobile touch-screen or mobile gyroscope type command) interaction. This means that a user must view and opt-in by engaging in order to benefit from the ad experience, as opposed to the traditional industry model of view-only.
• “RTB“ -- Real-time bidding refers to the buying and selling of online ad impressions through real-time auctions that occur in the time it takes a webpage to load.
• “Bidder“ -- Adludio is using Beeswax to buy inventory required for serving adunits. Beeswax is New York based company that offers the first “Bidder-as-a-Service“ solution for programmatic RTB media buying.
• “HTTPS“ -- (HTTP Secure) is an adaptation of the Hypertext Transfer Protocol (HTTP) for secure communication over a computer network, and is widely used on the Internet.
• “Cookie“ -- An HTTP cookie is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. • “Beacons, Pixels“ -- A Web beacon is an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel, that is placed on a Web site or in an email that is used to monitor the behavior of the user visiting the Web site or sending the email. It is often used in combination with cookies.
• “AWS“ -- Amazon Web Services (AWS) is a subsidiary of Amazon.com that provides on-demand cloud computing platforms to individuals, companies and governments. • “Amazon VPC“ -- Amazon VPC lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network defined by the client (Adludio).
• “Amazon S3“ -- Amazon Simple Storage Service is a web service offered by Amazon Web Services (AWS). Amazon S3 is extremely durable, highly available and secure object storage built to store and retrieve any amount of data on the Internet.
• “AWS Kinesis“ -- Amazon Kinesis Data Streams enables you to build custom applications that process or analyze streaming data for specialized needs.
1. What information we collect, how we do it and how we use it
The kind of information we collect, and how we do it depends on which kind of user category you fall into.
When you voluntarily share Personal Information with us, this information is used by Adludio in a manner consistent with the permissions communicated to us. We may use this information to:
You always have the option to opt-out of such communication by unsubscribing, changing your user/profile settings or emailing us. You can also request that we delete your information at any time by contacting us directly at email@example.com or firstname.lastname@example.org.
We may use this data to manage and improve our Site. In some areas of the world, certain Visitor Analytics may be Personal Information. Where this is the case, we comply with applicable laws regarding our use and processing of Personal Information.
Adludio uses this information for the purpose of of invoicing and processing payments for services provided. We may use reliable third-party service providers to manage credit card processing, they are not permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing. We may also use reliable third-party service providers to issue, manage and execute billing and payment events, they are not permitted to store, retain, or use Billing Information except for the sole purpose of executing the billing and payment service, and are required to comply with applicable laws regarding our use and processing of Personal Information.
You can edit and manage this information on your Platform account settings or by contacting us directly on email@example.com or firstname.lastname@example.org.
Ad Serving Data includes standard digital advertising metrics as defined by industry bodies such as the Internet Advertising Bureau (IAB), including number of ads viewed, time spent viewing an ad, page views, video views, number of ads clicked, IP address, device ID, GPS coordinates, advertising identifiers (IDFA/AAID). It may also include Personal Information that you actively choose to share with us through text field forms, and other information about your interaction with the ads.
End User information may be used for lawful advertising purposes to provide you with a more tailored online advertising experience. It may also be used by Adludio to improve the functionality of our services.
In this context, Adludio may collect, process, uses, disclose or retain information about End Users in the following manners:
Bidder Data -- Adludio serves as a “Data Processor” in the context of user targeting and media buying in a programmatic environment, whereas the Bidder makes available information that is covered by consent passed on by the Bidder or Bidder suppliers.
RTB -- Adludio may use Ad Serving Data to optimise the performance of the ad campaigns we are bidding for using a Real-Time Bidding Platform. For every relevant auction we receive a bid request. This request is sent over HTTPS and is processed by our servers inside protected AWS VPC. After we reply to the bid request we delete the request data.
Reporting Logs -- When we buy inventory using a Bidder, we receive logs with details about auctions we won. This data is sent to us using secure channels using tools like AWS S3 and AWS Kinesis. This data contains End User IP addresses, locations, browser details, websites name, app name, and all bid-related details, and we may use it for campaign optmisation and reporting purposes.
You can read more about the Bidder Data we receive at https://docs.beeswax.com/docs/data-feeds.
Adludio Engagement Data -- In addition to standard digital advertising metrics, Adludio also tracks “user engagements” that form the core offering of Sensory Ads.
Every time an ad is loaded in the user browser or app environment, Adludio tracks a set of events triggered by the engagement (including engagement gesture, clicks, skips, etc). We send this data with auction_id back to our servers over the HTTPS channel.
Third Party Tracking -- Adludio may implement third-party performance tracking mechanism, such as click-through links and tracking pixels, per the request of our clients who receive and may share with us daily aggregated reports, used to monitor the performance of the campaigns.
These mechanisms may store user IP address, store a cookie in the user browser and get information about the browser.
Cookies -- Adludio doesn’t stre any cookies in End User browsers in the context of Ad serving. However, the Bidder (used t buy ad inventory) and its supplies may store cookies in the End User browser to profile inventory, to fulfill targeting requirements. For this use, Adludio does not target individual (identifiable) users, we only focus on the environmental variables like type of device, domain name and geographical location of the user.
Third party tools may also store cookies in the End User browser to help measure and monitor the ad campaign performance accurately. These cookies are governed by the third party and/or domain (publisher) terms.
Aggregated Reporting -- In order to fulfill our service proposition, Adludio aggregates raw Bidder Data and Adludio Engagement Data for monitoring, optimisation and reporting purposes. Aggregation is usually executed in the form of daily sums and/or campaign lifecycle totals.
Aggregated reports are used to track performance and delivery of campaigns, and are shared with our clients (the advertiser) as part of our contractual obligations.
Storage of Ad Serving Data
Ad Serving Data is stored in AWS data centres in AWS North Virginia (USA) and the Republic of Ireland.
There are two types of Ad Serving Data
Raw Data -- Information we collect via the Bidder (containing IP address, locations and details about the user browser) and tracking logs we store in encrypted S3 buckets with appropriate access control policies.
We keep Raw Data for 90 days. This allows us to check and ensure that the relevant and subsequent aggregations are correct.
Aggregated Data -- Aggregated (non-identifiable) information is stored in secured and encrypted databases in the AWS data centres. At this stage we no longer store IP addresses, device IDs and location we have received from the Bidder.
We may store aggregated data indefinitely or as long as normal business operations will require.
Adludio adheres to the DAA’s Self-Regulatory Principles for Online Behavioral Advertising. To learn more about interest based or online behavioral advertising, and other advertising companies’ privacy practices and opt-out from each or any of them (including Adludio), you may also go directly to the DAA website at http://www.aboutads.info/choices/.
2. Sharing and disclosure of Personal Information
II. Advertiser Customers. We may share Ad Serving Data per the terms described in section 1.IV.
III. Third Party Service Providers. We may share your information with reliable Third Party Service Providers that support us in fulfilling our service obligations. We may also share information with third parties that help us operate and market our services, per the situations described in section 1. We ensure that such third parties are contractually obligated to protect your Personal Information, as required by law.
IV. Compliance with the Law. Adludio may disclose your information to courts, law enforcement, or government authorities, or authorised third parties, if and to the extent we are required to do so by law or in a good-faith belief that such action is necessary or advisable in order to comply with any laws of any country or region which may assert jurisdiction) or in order to respond to a judicial or other governmental action, order, subpoena, request, demand or warrant. We may make such disclosures without providing notice to you.
V. Against Liability or Fraud. We reserve the right to disclose one or more clients’ and/or individual users’ information if it is appropriate or necessary in Adludio’s discretion in order to: take precautions against liability; protect against fraudulent, abusive, or unlawful uses; investigate or defend against any third-party actions or allegations (including assisting a client or third party to do so); assist government enforcement agencies; or protect the security, integrity, rights, property, or personal safety of Adludio, its systems and services, as well as its employees, clients or others.
Adludio may also may disclose your information under circumstances not mentioned above, with prior consent of the entity or third-party that submitted the information to us.
3. Transfer of information across regional/national borders
Adludio’s servers are located in the US and in the Republic of Ireland. Any information collected and provided to us, including Personal Information, will be transferred to and processed through our servers in the US and/or the Republic of Ireland.
4. EU General Data Protection Regulation (GDPR)
Adludio is committed compliance with GDPR which comes into effect on 25th May, 2018. If you are a resident of the European Union and are subject to jurisdiction under The European Parliament, you have the following rights:
If you wish to exercise any of the above rights, send us an email at email@example.com.
Before we process any request, we may ask you for certain Personal Data to verify your identity, and in situations where Adludio is the Data Processor, consult with the Data Controller of your data. Where permitted by local law, we may reject requests that are unreasonable or impractical. Please allow us a reasonable time to respond to your inquiries and requests.
Users residing in the EU who are not satisfied with our response, or believe we are processing your personal data not in accordance with the law, data subjects covered under the GDPR framework have the right to lodge a complaint with a supervisory authority in the Member State of their habitual residence, place of work, or place of the alleged infringement.
5. Sharing and Social Media Features
Adludio works with social media tools, services and networks, such as LinkedIn, Facebook and Twitter. We provide users with both proprietary and branded tools to enable them to share an item of Distributed Content, solicit or refer other users to view Distributed Content, or express or broadcast their opinion about an item of Distributed Content.
In some cases, the use of these tools will require a user to provide personally-identifiable information. For example, a user may send a link for certain content to one or more recipients by email with a personal message.
6. Security of your Personal Data
Adludio adheres by reasonable technical and organisational security protocols to safeguard Personal Data that is submitted to us via our Site or Services, according to the voluntary principles of information sharing outlined in this document.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot control the actions of third-parties with whom you elect to share your Personal Data and we cannot assume responsibility or liability for disclosure of your information due to errors in transmission, unauthorized third-party access or other causes beyond Adludio’s reasonable control.. We cannot guarantee that only authorised persons will view your Personal Data. We cannot ensure that information you share on our Site and/or through our Services will not become publicly available.
7. Children’s Privacy
Adludio adheres to strict protocols to safeguard children’s privacy. You must be at least 13 years old to use the Site and/or our Service. We do not knowingly collect Personal Data from any child under 16 years of age without consent or authorisation of the holder of parental responsibility over said child, per EU GDPR guidelines. If you are under 16 years of age, do not use our Services and do not provide any Personal Data to us. If you are a parent of a child under 16 years of age and become aware that your child has provided Personal Data to Adludio without your consent, please contact us at firstname.lastname@example.org or email@example.com and you may request access, correction, deletion, and/or objection rights.
9. Contact Information
10c Warner Street,
UK phone: +44 (0) 20 0333 0222
US phone: +1 (929) 296-1555
APAC phone: +65 868 690 35