Заявление о конфиденциальности Yep Ads B.V.

These privacy rules (hereinafter called “Privacy Statement” relate to the processing of Personal Data by Yep Ads B.V. and/or its affiliated companies (hereinafter called “Companies”, “we”, “us”). Personal data means information about any identifiable person (hereinafter called “Data Subject(s)”), (hereinafter called “Personal Data”). Processing of Personal Data means amongst other things the collection, storage, recording, editing, accumulating, requesting, consulting or deletion of Personal Data.

Starting 25 May 2018, the General Data Protection Regulation, also named GDPR, is European legislation with direct effect in the European Economic Area.

We adhere to the requirements of privacy legislation in our processing. That means among other things that:

• we clearly state the purposes for which we process Personal Data. We do this through this Privacy Statement;
• we limit our collection of Personal Data to only the Personal Data that is necessary for legitimate purposes;
• we take appropriate security measures to protect all Personal Data and demand the same of parties that process Personal Data on our behalf;
• we respect the right of Data Subjects to offer, correct or delete their Personal Data upon request.

We are responsible for certain processing of Personal Data, both as data controller and data processor on behalf of client companies. In this Privacy Statement we explain which Personal Data we process and for what purposes and means. We recommend our customers and visitors to carefully read this Privacy Statement.

This Privacy Statement was last updated on September 9, 2020.

Processing of Personal Data

We act either as data controller or as data processor on behalf of client companies for the performance of our services to those client companies. As data controller we determine the purposes and means of the processing of Personal Data and we are ultimately responsible for compliance with all applicable laws and regulations for the protection of Personal Data. Also, as data controller we have a data processing register in place. This register is part of our information security policy and, like other important privacy documents, we ensure the data processing register to be regularly evaluated and updated where necessary. If and insofar we process Personal Data on behalf of client companies for the performance of our service agreements, the client companies act as data controller and we act as data processor on behalf of the client companies. In these events the client companies determine the purposes and means of the processing of Personal Data and they are ultimately responsible for compliance with all applicable laws and regulations for the protection of Personal Data.

As data processor, we will only process Personal Data in a way that is necessary for the provision of our service agreements and in accordance with the instructions of the applicable client company. Exceptions to the foregoing shall only apply in the event of a legal obligation resting on us as data processor.

Without prejudice to the existing contractual arrangements with client companies, we will treat all Personal Data in strict confidence and inform employees and sub- processors involved in the processing of our Personal Data about the confidential nature of Personal Data. We ensure that these employees and sub-processors sign an adequate confidentiality agreement.

We process Personal Data so that we can provide digital media services to advertisers and publishers across a range of channels in connection with distributing and/or promoting and/or displaying advertisements (meaning text-based, graphical, interactive, rich media and video, or other digital advertisements, including, without limitation, banners, buttons, towers, skyscrapers, pop-ups, pop-unders and video advertisements) for Data Subjects visiting web and/or mobile and/or other digital sites used by the publishers, as determined by the advertisers; and also the delivery of performance marketing software that allows media buyers and affiliate networks to track, manage, analyze and optimize media campaigns by providing data analytics. (hereinafter called “Services”).

We may collect Personal Data directly from Data Subjects when they (register to) use our Services, post on our blog, contact our support team, and visit our website. In doing so, we may use the Personal Data we have collected from them for purposes related to our Services - including but not limited - to:

• verify Data Subjects’ identity;
• administer our Services;
• notify Data Subjects of new or changed services offered in relation to our Services;
• carry out marketing or training relating to our Services;
• assist with the resolution of technical support issues or other issues relating to our Services;
• соблюдать законы и нормативные акты в применимых юрисдикциях;
• решать вопросы разрешения споров и борьбы с мошенничеством;
• communicate with Data Subjects. The types of Personal Data and categories of Data Subjects processed are as follows:

• Types of Personal Data: User IP-address;
  User device ID;
  HTTP referer (необязательное поле HTTP-заголовка, которое определяет адрес веб-страницы, связанной с запрашиваемыми ресурсами;
  User-agent string identifying the user's browser and device type;
  Unique identifier for bid request.
• Categories of Data Subjects:
  Visitors on the internet;
  Customers of publisher/affiliate partners.

By using our Services, Data Subjects consent to their Personal Data being collected, held and used in this way and for any other use they authorise. We will only use Personal Data for the purposes described in this Privacy Statement or with express permission of a Data Subject. The Companies guarantee that the processing of Personal Data will be solely based on one of the legal grounds set forth in article 6 GDPR.

Правовая основа

The processing of the Personal Data is necessary for the provision of our Services and/or based on individual permission. We also conduct statistical research with Personal Data. In those events we have a legal interest in conducting research in order to improve our Services.

Сроки хранения

We will store Personal Data that falls under a legal retention obligation in accordance with the duration of this legal retention obligation. For example, we retain Personal Data that forms part of the statutory basic administration for a period of five to seven years after the termination of the relevant commercial agreement. In all other cases we will keep the Personal Data for a maximum period of 1 (one) year after the end of the relevant commercial agreement, unless the privacy statement of an affiliated company contains a deviating retention period for that particular affiliated company. We recommend our customers and visitors to carefully read the applicable privacy statement(s) as well.

Привлечение третьих лиц и обмен с ними

As data controller we can engage other parties as data processors to perform an aspect or part of our Services to our customers and users; this could be a platform we use for our Services. As far as these third parties need access to Personal Data to perform our Services, we have contracted the correct, contractual, technical and organisational security measures to ensure these third parties use or process the Personal Data solely for the intended purposes and conform the instructions we agreed to with these third parties.

Furthermore, we will not provide Personal Data to other parties without permission of Data Subjects, unless this is legally required or permitted. For example, it is possible that investigative authorities request Personal Data from us in the context of fraud investigations. In that case, the Companies are legally obliged to provide this Personal Data.

When we share Personal Data with third parties that are considered separate data controllers, each party shall be able to determine the purpose and means of processing the Personal Data held under its control in accordance with its privacy notice. With respect to the separate controllership of each party and without the intention of entering into a joint-controllership as defined in article 26 GDPR, we shall enter into a partner agreement with such separate data controllers, that sets out the framework for the sharing of Personal Data between the parties and defines the principles and procedures that the parties shall adhere to and the responsibilities the parties owe to each other. The shared Personal Data will only be processed as far as is necessary according to the purposes and in order to fulfil the obligations as set out in the partner

agreement and the parties guarantee that the processing of Personal Data will be solely based on one of the legal grounds set forth in article 6 GDPR.

Безопасность

We have implemented the following security measures to protect Personal Data:

• our system is accessible from the Companies’ network and via a secure VPN connection;
• мы используем защищенные соединения (HTTPS) для обеспечения безопасности передачи данных;
• мы принимаем организационные меры по обеспечению доступа;
• мы принимаем меры по обеспечению физического доступа;
• мы установили обратный прокси-сервер для противодействия DDoS-атакам

Individuals’s rights with regard to Personal Data

In the situation where we are data controller for the collection of the Personal Data and therefore directly responsible, a Data Subject can address us in writing for:

Access to Personal Data. The Data Subject can ask us whether we process its Personal Data. If that is the case, we will explain which Personal Data we process, how we process it and for which purposes. One can also request a copy of its Personal Data we process;

Correction of Personal Data. If a Data Subject feels that the Personal Data we process is incorrect or incomplete, he or she can request us to supplement or edit the Personal Data;

Deletion of Personal Data. A Data Subject can request us to delete its Personal Data we process. We will delete the Personal Data without unreasonable delay after receiving such a request, if: the Personal Data is no longer needed for the purpose we processed it; the Data Subject no longer give us permission to process it, if permission was the base for processing it; the Personal Data was processed by us as part of direct marketing; the Data Subject objects against the processing of it and there is no reason (anymore) why we should still be permitted to process the Personal Data; there is a legal reason to delete the Personal Data.

Limitation to processing Personal Data. In some cases the Data Subject might want a limitation to the processing of its Personal Data. In that case, one can request us to limit the Personal Data we process. We will comply with such a request if (after investigation) it turns out to be possible, for example if one doesn’t want all of its Personal Data deleted, but other Personal Data is no longer necessary for the original purpose.

Portability of Personal Data (data portability). The Data Subject can request a copy of its Personal Data we process.

A Data Subject can also indicate the right to object if he or she doesn’t agree with our processing of the Personal Data.

If a Data Subject believes that we do not handle its Personal Data properly, he or she can submit a complaint to us. In the event the parties cannot resolve it and our response to the complaint does not lead to an acceptable result, the Data Subject has the right to submit a complaint about us to the Dutch Data Protection Authority (“Autoriteit Persoonsgegevens”). More information about this regulatory body and the submission of complaints can be found at www.autoriteitpersoonsgegevens.nl.

To exercise these rights, the Data Subject can contact us via the contact details at the bottom of this Privacy Statement. We will send a written response within 4 weeks.

Веб-сайты третьих лиц

This Privacy Statement does not apply to third-party websites that are linked to our website through links. We cannot guarantee that these third parties will handle Personal Data in a reliable or secure manner. We recommend that visitors read the applicable privacy notice before using such third-party website.

Изменения в Положении о конфиденциальности

Мы оставляем за собой право вносить изменения в данное Положение о конфиденциальности. Мы рекомендуем посетителям регулярно знакомиться с данным Положением о конфиденциальности, чтобы быть в курсе этих изменений.

Политика использования файлов cookie

Мы используем файлы cookie на наших веб-сайтах и в наших приложениях. Любой посетитель может отключить cookies для всех сайтов в своем браузере.

Что такое файлы cookie? Cookies - это небольшие простые текстовые файлы, которые отправляются на компьютер, планшет или мобильный телефон посетителя при посещении веб-сайта. Файлы cookie повышают удобство работы с нашими сайтами и приложениями.

Зачем мы используем файлы cookie? Мы используем файлы cookie для анонимного мониторинга количества посетителей на сайте, посещаемых страниц и запросов информации. Используемые нами файлы cookie не содержат имен и адресов; сохраняются только данные об их использовании (посещенные страницы, технические данные и IP-адрес). Эти данные используются для анализа использования и посещения, чтобы мы могли оптимизировать наши веб-сайты и приложения и в будущем еще лучше обслуживать посетителей. Естественно, мы будем бережно обращаться с этой информацией.

Что происходит при отключении файлов cookie? Если файлы cookie отключены, мы получаем меньше информации об использовании нашего сайта и не можем оптимизировать его, чтобы в будущем еще лучше обслуживать посетителей.

Отключение файлов cookie. Если посетитель предпочитает не использовать файлы cookie, он может в любой момент отключить их или удалить из браузера. Инструкции по изменению настроек браузера можно найти в разделе "Помощь" на панели инструментов большинства браузеров.

To grant visitors of websites more choice in how their Personal Data is used by Google Analytics, they can also download the Google Analytics Opt-out Browser Add-on.

Cross-border data transfers

Consumers' personal information may be transferred outside of Quebec (for Quebec consumers) or outside of Canada (for non-Quebec consumers). We ensure any transfer of personal information by us which is undergoing processing or is intended for processing after transfer outside of Quebec, or outside of Canada to a third country, shall take place only if, subject to the other provisions of this Privacy Statement, all applicable laws on data protection are complied with.

Общая контактная информация

Yep Ads B.V.
Weteringschans 109
1017 SB AMSTERDAM
Тел. +31 (0)20 240 2530.

Контактная информация Сотрудник по защите данных

Г-н Филипп ван Вейнен
Электронная почта: [email protected].