iotec Global Ltd. are a global provider of digital advertising services. We operate a platform which allows our customers to run digital advertising activities across both websites and mobile applications, using associated technology partners we have integrated into our platform for the purposes of delivering the best performance for the advertiser, greatest relevance to consumers and minimising risks of fraudulent activity.
– What personal data do we collect from and about you and how do we collect it?
– How, why and on what legal basis do we process your data?
– How and with whom do we share your data?
– How you can contact us with your data protection or privacy concerns and your rights under applicable data protection laws?
In this policy we use the following terms:
“iotec Global Limited”, “iotec”, “we”, “our”, “us” all refer to the legal entity iotec Global Ltd and our affiliates.
“you”, “users”, “your” are terms which refer to end consumers whose personal information we may handle and take steps to protect.
Specific aspects of data collection and processing for the iotec platform and iotec website are described in greater detail below. Some general principles of collection and processing described here are applicable to both.
In the course of delivering our internet services we may interact with your internet connected devices using common internet protocols and techniques. Our partners and clients may implement iotec pixel code and content into their web or mobile app properties, at which point your device will transfer standard information to our systems which includes; browser information; operating system type; browser language; IP address; referer address; and cookie information we may have previously assigned to your device.
In doing so, our systems receive and log information which we deem to be personal data and as such we take care to handle in compliance to applicable data protection regulations.
We deem all such information to be pseudonymous, by which we affirm that the data we collect from you is not sufficient to identify you personally without reference to additional information which we do not have reasonable access to.
We do not intentionally collect any data that is not pseudonymous. Our partners and clients may have the capability to share with us information which is not pseudonymous in its nature. Doing so is in contravention to data processing agreements we have in place with our clients and partners.
All the above data may be recorded and processed on our platform for the purposes of monitoring our technology, compliance with any legal requirements, debugging and protection against fraud or cyber attack. We undertake this processing as data controller on the basis of our legitimate interest to provide internet facing services and the standard management this entails. Our assessment is that there is no impact of this processing upon you as a data subject.
We never intentionally collect or process personal data which is categorised as sensitive (relating for example to health, religion, race, political orientation, sexual orientation, genetic information etc). We do not intentionally collect or process any personal data which relates to children. We do not process any data in relation to criminal convictions or offences.
In line with common industry practices, iotec utilise cookies and mobile advertising identifiers to identify your internet connected device.
A cookie is a small text file that is stored by your browser when interacting with our services. We assign your browser a pseudonymous identifier using a cookie which helps us to monitor the performance of our services and to ensure the most relevant adverts are delivered to you. It enables us for example, to prevent repeated delivery of the same advert to you beyond the intended number of impressions.
Mobile advertising identifiers fulfill a similar role in the context of mobile apps. On Android this identifier is known as an AAID and on iOS it is known as an IDFA. Your mobile advertiser identifier is generated by your mobile device, and made available to the apps you have installed. Where available, this identifier is shared with us by our partners as a pseudonymous unique identifier for your device.
You have control over the use of your mobile advertiser identifier using your device settings and you should refer to your device specific controls to make changes.
The information we collect from you either directly or indirectly may be transferred to and stored in a country which offers a lower level of personal data protection than your country of residence. However, we will ensure through contractual measures and our technical and organisational practices that your data is protected to the standard expected within your legal jurisdiction.
In particular when transferring data to the USA we will ensure that the parties we share data with are participants in the EU-US Privacy Shield programme.
We take security very seriously at iotec and have implemented industry standard security measures such as firewalls and encryption. However, no form of transmission of information over the internet or storage of information is 100% secure, and therefore we cannot guarantee absolute security.
You have the right to request from us, as the controller, access to and rectification or erasure of your personal data or to restrict processing concerning your data, to object to processing as well as the right to data portability. Please raise such requests to us by contacting email@example.com. We will assess your requests and provide a response to you within 30 days.
If you are unhappy with our handling of your personal data, you can lodge a complaint to us by contacting firstname.lastname@example.org. We will assess your requests and provide a response to you within 30 days. If you are not satisfied with our response, you furthermore have the right to raise a complaint to the UK data protection supervisory authority https://ico.org.uk/.
We collect personal data from you directly in two cases.
Firstly, when we service an advert to you, we collect personal data from you and are data controller for that data. In such cases, we collect a tracking identifier from your device which enables us to report our service performance to our customer. This processing is undertaken based on the legitimate interest of providing reasonable metrics on service delivery for our customers. Our assessment is that this does not constitute a privacy risk to you.
Secondly, we may collect data from you when you visit our customer’s website and the customer chooses to share your data with us. Under this circumstance, we are acting solely on behalf of our customer and our customer remains the data controller.
Beyond the personal data we collect directly from you as described above, our partners and customers share your personal data with us, which we process as a data controller. Where such data is shared with us, we undertake to assure through contractual means that the data has been collected from you legally and transparently, and that our processing of personal data is compatible with the original purposes for which the data was collected. In doing so, we may rely upon appropriate measures such as pseudonymisation to process your data under our legitimate interest in providing improved performance to our customers, and improved relevance of adverts for you. In balancing our legitimate interests against your rights and freedoms, we consider that tailoring digital adverts toward your preferences represents a minor privacy impact on you where the product or service advertised is not sensitive in nature. Considering this, we undertake that we will not consider your personal data when delivering digital advertising for sensitive products or services. You may nonetheless still receive such adverts from our platform based on alternative, non-personal criteria.
Considering the personal information described above, and other non-personal sources of data, the iotec platform is designed to make automated decisions about the relevance of digital advertising to you based on inferences we make about your interests. Given our policy relating to sensitive products or services, we do not believe that the result of this automated decision making produces any legal impact upon you.
We may receive and process your location data from our customers and partners. When such data is received in the context of an advertising opportunity, we may make a location based decision on the most relevant advert, for example to promote a local restaurant or retail outlet. We do not use this data to profile you or your interests.
As a safeguard against processing you are unhappy with, we are an approved member of the EDAA, through which you are able to opt-out of all behavioural advertising on our platform using http://www.youronlinechoices.eu/. Furthermore, you have the right to object as described in “Your Rights” above.
As part of our service, we provide statistical information to our customers to demonstrate the performance and behaviours of our digital advertising services. Some of this data may be derived from your personal data, but is aggregated and fully anonymised prior to sharing.
As part of our service, we frequently share a pseudonymised personal identifier for you with our customer so that they may independently verify the performance of our digital advertising services. In such cases, our customer is the data controller for your personal data.
We share your personal data with our contracted partners and processors and ensure by contractual means that your personal data receives the required protection. Such partners include but are not limited to:
– Providers of infrastructure and computing services
– Anti-fraud and brand safety verification partners
– Independent advertising performance reporting and verification providers
Furthermore, the pseudonymous identifier associated with your internet connected device will be shared with digital media exchanges and data broker partners solely for the purposes of enabling the transfer of personal data from them to us. This process is known as ID syncing and is common within the industry.
Beyond the general data collection described above, iotec only collects personally identifiable information with your consent, such as your name, address and contact details, if you have supplied this information to us directly via our website, email or other business system. We may process this information for a variety of reasons, including for marketing, to send you updates on our services and to keep you informed of developments at iotec. If you have signed up for updates from us, you can choose to stop receiving them by contacting us at email@example.com.
The data we collect from you using these systems may be shared with contracted data processors.
By filling out any of our contact us forms you are consenting for us to store and use your personal data for the sole purpose of responding to your enquiry. You have the right to request this data is deleted at any point and can do this by sending a request to firstname.lastname@example.org.
When downloading resources from our website your personal data is collected and stored for the sole purpose of emailing you the resource you have requested. Your personal data will only be used for marketing purposes if you have selected the opt-in box on the download form. If you do not opted-in we will not use your data to contact you for marketing purposes.
You can opt-out of receiving marketing communications from us at any point by sending an opt-out request to email@example.com or by using the unsubscribe link at the bottom of any of our marketing emails.
iotec, 1 Research Way, Plymouth Science Park, Plymouth, PL6 8BT, UK
To contact our Data Protection Officer, please email firstname.lastname@example.org.