Protected provides its customers, including online advertisers, online publishers and online platforms (“Web Asset Owner”) with transparency and accountability by identifying and detecting fraudulent and potentially fraudulent activities in relation to digital advertising (“Services”).
Please read the following carefully to understand our use of your personal data through our Services (as defined below).
Changes to this policy
Date of this policy
This policy was last updated on 24 May 2018.
WHO WE ARE
Protected is a software company that works with Web Asset Owners to help them detect fraudulent behaviour in relation to digital advertising on their website, application, advertising media and other digital properties (“Digital Properties“). To do this Protected collects personal data on online users, through the Platform; all in order to help Web Asset Owners identify fraudulent and invalid activities . Reducing fraudulent and invalid activity increases faith in digital advertising.
Protected, whilst part of the ad-tech eco-system, is not an advertising company. We do not share individual consumer profiles or buy, sell or targeted online advertising, and thus, our disclosure of personal data is very limited (as set out further in the section marked “Who we share personal data with”).
What do we mean by personal data?
“Personal Data” is defined as any data relating to a living individual who can be identified directly from that data or indirectly in conjunction with other information. It can take the form of a name or address and, now, under new data protection laws in Europe, this can extend to uniquely generated IDs, IP addresses and other “unique identifiers”.
We cannot identify an online user by name, or find out where they live, but instead it gives us a picture of how a user interacts with a Digital Property which we may assign to a user of our Platform.
PERSONAL DATA WE COLLECT, AND HOW AND WHY WE COLLECT IT
Personal data we collect
As part of our Services, we collect and process the following information:
- IP address;
- viewability of a Digital Property (including pages viewed and interaction with the page – such as mouse movements);
- mobile Identifier for advertisers such as IDFAs and other identifiers;
- country location;
- cookie IDs.;
- HTTP header data (including Digital Property address, operating system, plug in,)..
The combination of this information, with a unique identifier is personal data. We do not collect and process any Special personal data.
How do we collect personal data?
We use the following types of cookies:
- Analytical/performance cookies. They allow us to see how users move around Digital Properties when they are using it.
- Functionality cookies. These are used to recognise you when you return to Digital Properties (so we can assess whether you are a human).
End users can configure their browser preferences not to accept these cookies however this may result in reduced functionality and would lower our ability to reduce fraud.
We use profiling to analyse your activity on Digital Properties to assess and monitor Digital Properties for fraudulent activity.
Why we collect personal data and our lawful basis for processing
Protected collects information, including personal data, in order to identify and prevent fraud online (including in respect of online advertising and ecommerce). We also use such information for our internal operations (including trouble shooting, data analysis, testing and statistical purposes). We do not use any personal data other than as necessary to execute our Services.
EU Privacy law requires us to have a “lawful basis” for collecting and using processing data. We collect this information for our legitimate interests. These are two fold (a) our legitimate interest, and our client’s legitimate interest, in preventing fraud; and (b) our legitimate interest in managing client relationships and the ongoing improvement of our Services.
WHO WE SHARE PERSONAL DATA WITH
Protected may disclose personal data to third parties in the following ways:
- We may disclose personal data to our affiliates subject to these obligations.
- Service Providers. We may disclose personal data to our third-party service provider Google.
- Clients. We provide our clients (who nevertheless already have access to all of their data that we monitor) with access to aggregate information. They may however receive granular details, including, where appropriate, your personal data should they wish to investigate an identified fraud incident.
- Compliance and Safety. We may disclose personal data as necessary or appropriate under applicable laws to: comply with legal process or requirements, including applicable notification obligations; respond to requests from public and government authorities (including public and government authorities outside your country of residence); enforce our terms and conditions; and protect our operations or those of any of our affiliates and our rights, privacy, safety, or property, and/or that of our affiliates, you or others.
- Merger, Sale, Etc. We may disclose personal data in the event of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Protected’s business, assets or stock (including in connection with any bankruptcy or similar proceedings).
HOW WE SECURE YOUR PERSONAL DATA
We seek to protect against the loss, misuse, and alteration of your personal data collected, used and processed by us as part of the Services, using reasonably high standard security measures (such as encryption and other applicable measures based on the type of personal data and applicable processing activity).
HOW LONG DO WE PROCESS PERSONAL DATA FOR?
We process personal data for 12 months. After this period, we will delete the personal data except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.
We may aggregate and keep non-personal data for as long as is necessary for us to provide and improve our services but not in a way that would identify you personally.
WHERE DO WE PROCESS PERSONAL DATA?
The data that we process in relation to users may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“) that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who works for us or for one of our suppliers.
- In order to store it.
- Where we are legally required to do so.
- In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.
We may transfer your personal information to the following:
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, including Israel and the US.
When transferring EEA data to Israel, we rely on the European Commission’s decision that Israel offers adequate data protection for transfers from the EEA.
When transferring EEA data to the US, we rely on the EU-US Privacy Shield.
WHAT ARE YOUR RIGHTS?
You have the following rights in relation to personal data relating to you that we process:
- You may request access to the personal data concerned (please see the section on obtaining access to your personal data, below).
- You may request that any incorrect personal data about you that we are processing be rectified.
- In certain circumstances (normally where the personal data has been provided by you and it is no longer necessary for us to continue to process it), you may be entitled to request that we erase the personal data concerned subject to some specific legal reasons we may have to retain certain data relating to you.
- You may, in certain circumstances, object to the further processing of your personal data.
- You may request that your provided personal data be moved to a third party.
If you have a complaint about any processing of your personal data being conducted by us, you can contact us.
How to exercise your rights
You can exercise your rights as follows:
- By contacting as to firstname.lastname@example.org.
Please note that we ask you for further information in order to confirm your identity before we provide any information requested or enact your request. If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority (to your habitual residence, your place of work, or an alleged infringement of the GDPR) (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html).
The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
OUR DETAILS – CONTACTING US
Our full details are:
Protected Media Ltd.
HaLapid 12, Petach Tikva, Israel