geolad GmbH ("we" or "our") is a data processing company offering state of the art, privacy-led data analytics and advertising solutions ("Service/Services") for different industries. We strive for our Services to respect the privacy of users. To achieve these aims, geolad fulfils its privacy and data protection principles when creating, developing, and delivering its Services. geolad does not process data that directly identifies an individual, such as an encrypted name, address, or government issued IDs.
1.1. Definitions related to Involved Parties
Different parties are involved in geolad's Services. They are denoted throughout this document as follows:
geolad's Customers are all those entities that use our data for targeting and statistical reporting:
- Advertisers: Companies as brands, agencies, and other entities that deliver targeted display ads to end users
- Publishers: Owners of web domains that geolad provides with aggregated statistics about the visitor traffic on their websites
- Demand Side Platforms: Systems used for campaign management that enable advertisers to buy ad placements in real-time and to deliver display ads to you on those placements
- Ad Servers: Systems used for campaign management that enable advertisers to book static ad placements in advance and to deliver display ads to you on those placements
- Data Management Platforms: Systems used for collecting and analysing anonymous datasets from different sources, and for creating and forwarding aggregated targeting categories from these datasets
- Publishers: Owners of web domains, that enable geolad to collect Application Specific Data
- Mobile Network Operators: Corporate entities that provide a wide range of wireless communications services, and enable geolad to collect Data Profiles
Publishers: owners of web domains, that enable geolad to collect Application Specific Data
Mobile Network Operators: corporate entities that provide a wide range wireless communications services, and enable geolad to collect Data Profiles
1.2. Definitions related to Data Collection:
Application Specific Data: Geolad collects Application Specific Data through integrations with its partner Publishers. The collected Application Specific Data are as follows:
- Cookie IDs are randomly generated unique identifiers pertaining to HTTP cookies. The IDs do not allow the identification of real user identities. Every web domain needs to generate its own Cookie Identifier in a certain browser.
- HTTP cookies are small text files downloaded from a website and stored in the user's web browser for a given website. Such HTTP cookie can be used for e.g. recognizing a re-visiting customer or for maintaining a website login during the lifetime of a session.
- Types of cookies include (but are not limited to):
- Permanent Cookies: will remain operational, even if you close your browser,
- Session Cookies: cookies that are only valid during your current visit of a certain website. At any point in time cookies can be blocked for certain websites or deleted all at once from the user's browser in the settings of your browser (to read more about opting out from geolad's cookies, please refer to Section How to Opt-out from our Services?
- Advertising IDs are anonymous, user-specific, unique and resettable identifiers of a mobile device used for advertising purposes.
- Advertising IDs include two types:
- AAID (Google Advertising ID): advertising ID available on Android devices,
- IDFA (Identifier for Advertising): advertising ID available on iOS devices.
- At any point in time Advertising IDs can be reset or deactivated within your device settings (to read more about how to reset or deactivate your Advertising ID, please see Section How to Opt-out from our Services?.
- When your device sends a request to the geolad server, geolad is able to access the IP-address allocated to your device by your internet service provider.
- Different devices may share the same IP-address.
- Geolad does not process individual IP-addresses, but extracts aggregated information from it (e.g. name or region of your internet service provider).
- When you visit the website of one of our partner Publishers, your browser may send additional information associated to your request, e.g. if and from which earlier website you have been directed to the current website (i.e. HTTP referrer URL) or information related to the software version of your browser (i.e. HTTP user agent). We may use such additional information to collect aggregated targeting profiles, e.g. interest categories, device type categories etc.
- You can deactivate the sending of referrer URL or user agent information within the settings of your internet browser, apart from the opt-out functionality offered by geolad see also Section How to Opt-out from our Services?.
Data Profiles: Geolad collects Data Profiles through integrations with partner Data Owners (e.g. Mobile Network Operators). The collected Data Profiles may include the following demographic information:
- Location information: e.g. zip-codes of the billing location
- User demographics: e.g. gender, age-groups
- Average monthly spending categories
Aggregated Categories: Geolad may create segments that include a large number of Data Profiles and Application Specific Data (e.g. generate a target group of profiles that are Female, Age: 20 to 30, living in Graz.) Aggregated Categories are made available for geolad Customers via DSPs and Ad Servers.
2. Data Processing
Geolad and its sub-processors process the Data Profiles and Application Specific Data received from its partner Data Owners.
Geolad's partner Data Owners may collect geolad specific data (online/offline) from its clients. Geolad ensures that its Data Owners are in line with GDPR and supports them with all the required information in order to comply with GDPR. As a member of International Advertising Board, Geolad commits to the highest industry standards as the IAB Code of Conduct.
Geolad creates anonymous target groups for display advertising (i.e. Aggregated Categories) based on Application Specific Data and/or Data Profiles. These target groups are composed of segment lists: all Advertising IDs or Cookie IDs that are associated to the definition of a target group (e.g. sports enthusiasts) are collected in a distinct segment list. Geolad subsequently shares these lists with its Partners for targeted advertising and/or analytics purposes.
3. Legal Basis for Data Processing
According to the European General Data Protection Regulation (GDPR), geolad is obliged to provide information concerning which legal basis geolad uses for the processing of data, how geolad makes use of personal information (also with regard to disclosure), which measures are deployed for protecting your privacy and personal data, as well as how geolad may be contacted if you have any privacy concerns.
This privacy statement applies to all Application Specific Data and Data Profiles, provided that they contain personal information as specified in applicable European laws and regulations.
Geolad and its partner Data Owners process data on the legal basis of the "legitimate interests" (see art. 6(1)(f) GDPR) for providing targeted advertising based on customized audience segments.
Geolad conducts regular data protection impact assessments (DPIA) to weigh out any possible impact on users, their rights and freedoms, before any data is processed.
It should be noted that geolad's partner Data Owners or other third-parties providing Data Profiles or Application Specific Data to geolad, may wish to make use of their own privacy policies and other legal bases such as "consent" to process personal data and provide it to geolad.
Geolad does not knowingly utilize, collect or share with third-parties any data concerning users under the age of eighteen. Should we discover otherwise, Geolad will take reasonable measures to guarantee that this policy is continued to be fulfilled.
4. Protection of Personal Data
Geolad implements technical and organizational measures to secure any received personal data. Geolad has designed its solution to ensure that throughout the entire usage cycle, user data is protected and secured from loss, being stolen and unauthorised access.
Geolad has put in place the following procedures to deal with any suspected personal data breaches:
4.1. Information Security Policy of Geolad
Geolad provides personally targeted advertising by generating browser cookies for visitors of the geolad Service and its partner Publishers. The cookie consists of a browser-specific identifier (Cookie ID) that geolad assigns to different Data Profiles and Application Specific Data. These identifiers are assigned only into Aggregated Categories, such that the categories themselves or the identifiers contained therein do not enable any indentification of individual devices by geolad or any other third-party involved.
4.2. How to Opt-out from our Services?
While you cannot stop getting ads online when you visit a specific page or certain mobile app, you can opt-out from any data processing specific to geolad Services. That is, after opting out from our Services, you will not receive less ads, but these ads will not be targeted by geolad Services anymore.
4.2.1. Opt-out from Cookie-based Processing
You can opt-out from being included in our cookie-based Services when visiting partner websites by clicking the following link:
Opt-Out from geolad services
Please mind the following important notes regarding opting out from our cookie-based Services:
- By clicking on the above link an opt-out cookie is stored in your browser and you will be forwarded to our subprocessor partner
The ADEX GmbH. On ADEX's website in section III. YOUR RIGHTS*-*2. RIGHT OF OBJECTION*-*B) ADVERTISING please click on the link "opt-out". Afterwards the website will confirm your objection with "Opt-out successful" indicating that your opt-out from data processing by geolad services is in effect. The next time you visit a geolad partner website you will be automatically excluded from any processing by geolad.
- If you use more than one browser for visiting websites, you need to visit the above opt-out link with every browser you typically use.
- In case you delete all your browser cookies, also the opt-out cookie gets deleted and you need to opt-out again by clicking the above link.
- We do honour the Do-Not-Track header sent by internet browsers. Thus, by activating the Do-Not-Track header in your browser you may persitently opt-out from our Services without the need for clicking the opt-out link above.
- After opting out from our Service, you still may receive ads that are targeted based on non-personal information, such as e.g. type of currently visited website or mobile app, time of day, etc.
4.2.2. Opt-out from Processing Advertising IDs
In case you use any mobile apps, advertising Services typically do not rely on cookie-based processing, but on accessing the Advertising ID of your device. This ID can be reset by you at any time (i.e. a newly generated ID invalidates the targeting profiles associated to the old ID). The usage of the Advertising ID for interest-based apps can also be disallowed entirely in the settings of your device. Depending on the type of device, the steps for opting out from interest-based ads (and hence from processing your device's Advertising ID) are as follows:
On Android Devices:
- Go to Menu and tap "settings"
- Go to sub-menu "Google"
- Got to sub-menu "Ads"
- Now you can (a) reset your Advertising ID by tapping on "Reset advertising ID". This will invalidate all data segments that have been established by our servers based on your previous Advertising ID. Alternatively, you can (b) opt-out from personal ads by activating the switch "Opt-out of interest-based ads".
More information on opting out from interest-based ads in Google products and Services is available under here.
On iOS Devices:
To opt out from interest-based ads on iPhones and/or iPads perform following actions:
- Go to Settings
- Got to sub-menu "Privacy"
- Got to sub-menu "Advertising"
- Now you can (a) reset your Advertising ID by tapping on "Reset Ad-ID" and confirming the reset again. This will invalidate all data segments that have been established by our servers based on your previous Advertising ID. Alternatively, you can (b) opt-out from interest-based ads by activating the switch "Limit Ad Tracking".
4.3. Secure Data Processing according to EU Data Protection Law
Data is processed by geolad and its partners only in member states of the European Union; there is no data transfer to a third country.
Servers involved in data processing are protected by physical access security, as well by state-of-the-art IT security measures: servers are secured by firewalls and can only be accessed by authorized staff members, access is protected by passwords and cryptographic keys. The software deployed for data processing is regularly tested and updated in order to avoid vulnerabilities induced by the software itself.
The staff members performing data processing are trained in required Data Protection Principles and obligated to keep confidentiality. Data is minimized by processing only the data that is required for the purpose of processing.
4.4. Encryption and Anonymization
Traffic from/to geolad's servers is encrypted based on state-of-the-art encryption methods (i.e. TLS-encryption). If IP-addresses are processed, they are anonymized by discarding the last octet of the IP-address, preventing the identification of individual visitors. Server logs created for maintenance and debugging purposes are encrypted and deleted as soon as they are not required anymore.
4.5. Security Measures
External security threads are detected by continuously operated network monitors and blocked automatically by dynamically generated firewall rules. Geolad deploys periodic security audits for detecting and fixing any vulnerabilities that may evolve over time.
4.6. Additional Information
Geolad's Services rely on a subcontractor Data Management Platform (DMP) for segmenting Data Profiles and Application Specific Data into Aggregated Data Categories.
For additional details on privacy and access protection measures deployed by our subcontractor DMP please refer also to the information available under DMP Privacy.
5. Personal Data Rights of Users
Users have the following rights with concerning their personal data:
- to request a confirmation whether geolad processes any of their data
- to access their data
- to opt-out/to object
- to data portability, if applicable
- to rectify inaccurate data concerning them
- to erasure of personal data
Should you have any questions or requests regarding your personal data rights, please contact us via firstname.lastname@example.org.
6. Sharing Aggregated Data Categories with Third-parties
Geolad shares Aggregated Categories with the following geolad Customers and their technical systems:
- Ad Servers
- Demand Side Platforms (DSPs)
- geolad's subcontractor DMP
Geolad Customers only see lists of segments (Aggregated Categories) that serve as targeting criteria. They do not obtain access to view Advertising IDs or Cookie IDs. Demand Side Platforms (DSPs) and Ad Servers only get access to segment names and relevant Advertising IDs or Cookie IDs.
IPAX OG, Barawitzkagasse 10/2/2/11, 1190 Vienna, Austria
The ADEX GmbH, Torstraße 19, 10119 Berlin, Germany
Additionally, geolad may process Application Specific Data in a data center located in Frankfurt, Germany operated by Digital Ocean LLC, 101 6th Ave, NY, New York, USA.
7. Data Maintenance Period
Any data involved in geolad's Services is maintained only as long as required for fulfilling the purpose of the processing, and is deleted afterwards. Additionally, users may initiate early deletion of their data from our subcontractor DMP by opting out from our Services.
8. Final remarks