This policy

This privacy policy explains how Protected Media Ltd. and its subsidiaries (“Protected” “we“, “us” or “our“) collect, use and disclose information (“personal data” as defined further below) which we collect through our solution (“Platform“).

Protected provides its customers, including online advertisers, online publishers and online platforms (“Web Asset Owner”) with transparency and accountability by identifying and detecting fraudulent and potentially fraudulent activities in relation to digital advertising (“Services”).

This platform privacy policy explains who we are, what personal data we collect, why and how we process personal data, who we share your personal data with, and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us if you need to.

Please read the following carefully to understand our use of your personal data through our Services (as defined below).

Changes to this policy

Any changes we make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy. We reserve the right to update this Privacy Policy at any time.

Date of this policy

This policy was last updated on 24 May 2018.



Protected is a software company that works with Web Asset Owners to help them detect fraudulent behaviour in relation to digital advertising on their website, application, advertising media and other digital properties (“Digital Properties“). To do this Protected collects personal data on online users, through the Platform; all in order to help Web Asset Owners identify fraudulent and invalid activities . Reducing fraudulent and invalid activity increases faith in digital advertising.

Protected, whilst part of the ad-tech eco-system, is not an advertising company. We do not share individual consumer profiles or buy, sell or targeted online advertising, and thus, our disclosure of personal data is very limited (as set out further in the section marked “Who we share personal data with”).

What do we mean by personal data?

“Personal Data” is defined as any data relating to a living individual who can be identified directly from that data or indirectly in conjunction with other information.  It can take the form of a name or address and, now, under new data protection laws in Europe, this can extend to uniquely generated IDs, IP addresses and other “unique identifiers”.

We cannot identify an online user by name, or find out where they live, but instead it gives us a picture of how a user interacts with a Digital Property which we may assign to a user of our Platform.



Personal data we collect

As part of our Services, we collect and process the following information:

  • IP address;
  • viewability of a Digital Property (including pages viewed and interaction with the page – such as mouse movements);
  • mobile Identifier for advertisers such as IDFAs and other identifiers;
  • country location;
  • cookie IDs.;
  • HTTP header data (including Digital Property address, operating system, plug in,)..

The combination of this information, with a unique identifier is personal data. We do not collect and process any Special personal data.

How do we collect personal data?

Protected Services may use pixels, javascript, flash codes, cookies and other similar technologies that can place a code on a Digital Property to collect information about content interaction. Cookies are small text files placed in visitors’ computer browsers.


Protected collects information and uses tracking mechanisms such as cookies in order to provide the Services. We use these cookies and other technologies in our legitimate interests (where we have considered that these are not overridden by your rights), and, in some cases, where required by law, where the use of cookies requires user consent under applicable law, we require our online publisher or other intermediary to ensure that consent is properly obtained.

We use the following types of cookies:

  • Analytical/performance cookies. They allow us to see how users move around Digital Properties when they are using it.
  • Functionality cookies. These are used to recognise you when you return to Digital Properties (so we can assess whether you are a human).

End users can configure their browser preferences not to accept these cookies however this may result in reduced functionality and would lower our ability to reduce fraud.


We use profiling to analyse your activity on Digital Properties to assess and monitor Digital Properties for fraudulent activity.

Why we collect personal data and our lawful basis for processing

Protected collects information, including personal data, in order to identify and prevent fraud online (including in respect of online advertising and ecommerce). We also use such information for our internal operations (including trouble shooting, data analysis, testing and statistical purposes). We do not use any personal data other than as necessary to execute our Services.

EU Privacy law requires us to have a “lawful basis” for collecting and using processing data. We collect this information for our legitimate interests. These are two fold (a) our legitimate interest, and our client’s legitimate interest, in preventing fraud; and (b) our legitimate interest in managing client relationships and the ongoing improvement of our Services.


Protected may disclose personal data to third parties in the following ways:

  • We may disclose personal data to our affiliates subject to these obligations.
  • Service Providers. We may disclose personal data to our third-party service provider Google.
  • Clients. We provide our clients (who nevertheless already have access to all of their data that we monitor) with access to aggregate information. They may however receive granular details, including, where appropriate, your personal data should they wish to investigate an identified fraud incident.
  • Compliance and Safety. We may disclose personal data as necessary or appropriate under applicable laws to: comply with legal process or requirements, including applicable notification obligations; respond to requests from public and government authorities (including public and government authorities outside your country of residence); enforce our terms and conditions; and protect our operations or those of any of our affiliates and our rights, privacy, safety, or property, and/or that of our affiliates, you or others.
  • Merger, Sale, Etc. We may disclose personal data in the event of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Protected’s business, assets or stock (including in connection with any bankruptcy or similar proceedings).



We seek to protect against the loss, misuse, and alteration of your personal data collected, used and processed by us as part of the Services, using reasonably high standard security measures (such as encryption and other applicable measures based on the type of personal data and applicable processing activity).



We process personal data for 12 months. After this period, we will delete the personal data except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.

We may aggregate and keep non-personal data for as long as is necessary for us to provide and improve our services but not in a way that would identify you personally.



The data that we process in relation to users may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“) that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who works for us or for one of our suppliers.

  • In order to store it.
  • Where we are legally required to do so.
  • In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

Where personal data is transferred by us or our affiliates in relation to providing our services we will take all steps reasonably necessary to ensure that it is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism which may include by entering into EC approved standard contractual clauses relevant to transfers of personal information (see and that it is treated securely and in accordance with this privacy policy.


We may transfer your personal information to the following:

Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, including Israel and the US.

When transferring EEA data to Israel, we rely on the European Commission’s decision that Israel offers adequate data protection for transfers from the EEA.

When transferring EEA data to the US, we rely on the EU-US Privacy Shield.



You have the following rights in relation to personal data relating to you that we process:

  • You may request access to the personal data concerned (please see the section on obtaining access to your personal data, below).
  • You may request that any incorrect personal data about you that we are processing be rectified.
  • In certain circumstances (normally where the personal data has been provided by you and it is no longer necessary for us to continue to process it), you may be entitled to request that we erase the personal data concerned subject to some specific legal reasons we may have to retain certain data relating to you.
  • You may, in certain circumstances, object to the further processing of your personal data.
  • You may request that your provided personal data be moved to a third party.

If you have a complaint about any processing of your personal data being conducted by us, you can contact us.

How to exercise your rights

You can exercise your rights as follows:

  • By contacting as to

Please note that we ask you for further information in order to confirm your identity before we provide any information requested or enact your request. If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority (to your habitual residence, your place of work, or an alleged infringement of the GDPR) (see

The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.



If you have any questions or comments about this Privacy Policy, the information practices of the Platform, or your dealings with Protected, you can contact us at any time:

Our full details are:

Protected Media Ltd.

HaLapid 12, Petach Tikva, Israel