Data Privacy and Protection
rivacy policy for users who login to our systems and personal data we may collect about you: We may from time to time obtain and hold personal information about individuals (such as your name, address, payment details).
Occasionally we may receive information about you from other sources (such as credit reference agencies) which we will add to the information which we already hold about you in order to help us provide our services.How we may use your personal data.
We may use your personal data for the following purposes
1 – to help us identify you and any accounts you hold with us
2 – administration
3 – statistical analysis
4 – customer profiling and analyzing your purchasing preferences
5 – marketing—see ‘Marketing and opting out’ below
6 – fraud prevention and detection
7 – billing and order fulfilment
8 – credit scoring and credit checking—see ‘Credit checking’ below
9 – Customizing this website and its content to your particular preferences
10 – to notify you any changes to this website or our services which may affect you
11 – security vetting
12 – improving our services.
Marketing and opting out
We may share your personal data with organizations who are our business partners and we or they may contact you, unless you have asked us or them not to do so, by email about other products or services which may be of interest to you. If you prefer not to receive any further marketing communications from us, you can opt out at any time. See further ‘Your rights’ below.
Disclosure of your personal data
We may disclose your personal data to:
1 – other companies within our group
2 – our agents and service providers (e.g. providers of web hosting or maintenance services)
3 – credit reference agents—see ‘Credit checking’ below
4 – law enforcement agencies in connection with any investigation to help prevent unlawful activity
5 – our business partners in accordance with the ‘Marketing and opting out’ section above.
Keeping your data secure
We will use technical and organizational measures to safeguard your personal data, for example:
1 – access to your account is controlled by password and username which are unique to you
2 – we store your personal data on secure servers
Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which are transferred from you or to you via the internet.
To enable us to make credit decisions about you and for fraud prevention and money laundering purposes, we may search the files of credit reference agencies (who will record the search). We may disclose information about how you conduct your account to such agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. Other credit grantors may use this information to make credit decisions about you and the people with whom you are financially associated, as well as for fraud prevention, debtor tracing and money laundering purposes.
Information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
1 – Give consent on his/her behalf to the processing of his or her personal data
2 – Receive on his/her behalf any data protection notices.
When you use this website, we may collect information about your computer, such as your IP address and/or browser, which we will use for administration purposes and statistical analysis. This information will not usually identify you personally. We may also obtain information about your online movements and use of the internet. We do this by placing a ‘cookie’, which is a small file, on your computer’s hard disk. Cookies are used for several reasons:
1 – to recognize you whenever you visit this website
2 – to speed up access to this website (so you do not have to log on each time)
3 – to store your personal preferences
4 – to build a profile about you
5 – to better target our marketing and advertising campaigns
The vast majority of web browsers accept cookies. However, you can change your browser settings so that cookies are not accepted. If you do this, you may lose some of the functionality of this website.
For further information about cookies and how to disable them please go to: aboutcookies.org
1 – put your request in writing
2 – include proof of your identity and address (e.g. a copy of your driving license or passport, and a recent utility or credit card bill)
3 – specify the personal data you want access to, including any account or reference numbers where applicable. You have the right to require us to correct any inaccuracies in your data free of charge. If you wish to exercise this right you should:
1 – put your request in writing
2 – provide us with enough information to identify you (e.g. account number, username, registration details)
3 – specify the information that is incorrect and what it should be replaced with.
You also have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right you should:
1 – Put your request in writing (an email sent to info(at)bidsopt.com with a header that says ‘Unsubscribe’ is acceptable)
2 – Provide us with enough information to identify you (e.g. account number, username, registration details)
3 – if your objection is not to direct marketing in general, but to direct marketing by a particular channel (e.g. email or telephone) please specify the channel you are objecting to.
Our Contact Details
Collection of information
We do not collect Personally Identifiable Information about you using the Bidsopt Mobile advertising technology. Personally Identifiable Information is information that can identify you as a person (email address, name etc.). However, we do collect non-Personally Identifiable Information that can’t be used by Bidsopt to identify you as a person that includes but is not limited to the following:
a) – Date and time of your mobile internet browsing or application usage
b) – Mobile sites visited and/or applications used
c) – Mobile internet browser used
d) – Mobile carrier or ISP name
e) – Connection type (e.g. 3G, 4G, Wi-Fi)
f) – Mobile device used (Including make and model)
g) – Device identification (e.g. Google Advertiser ID or IDFA)
h) We may also receive non-Personally Identifiable Information from publishers to improve the relevance and targeting of ads that includes but is not limited to the following:
i) – Age – where known by the publisher
j) – Gender – where know by the publisher
k) – Geographic location – where know by the publisher
How to OPT-OUT from targeted advertising We provide instructions to opt-out from targeting advertising for the two most common mobile operating systems. For Windows, Blackberry and other operating systems, you will need to check on their respective websites for opt-out instructions.
OPT-OUT for Android Opt-out of interest-based ads on Android apps:
a) – Open Google Settings
b) – Tap on Ads
c) – You need to manage Opt-out of interest-based ads
d) – If the box is checked, uncheck it to disable interest-based ads
e) – If the box is unchecked, select it in order to enable interest-based ads
f) To update your cookie setting:
g) – Open a mobile browser app
h) – Tap on the Menu key
i) – From the options for the current application that is running select More
j) – From the list of browser functions select the Settings
k) – Scroll down until you find the Accept cookies
l) – If the box is checked, uncheck it to disable cookies
m) – If the box is unchecked, select it in order to enable cookies
n) OPT-OUT for iOS
o) For iOS 6 or higher
p) To update your IDFA setting:
q) Choose Settings > Privacy > Advertising
r) Turn Limit Ad Tracking On ( Off is the default setting )
s) To update your cookie setting:
t) Choose Settings > Safari > Block Cookies
u) Choose Always / From third parties and advertisers / Never
BIDSOPT DATA PROCESSING ADDENDUM
This Bidsopt Data Processing Addendum (“DPA”) forms part of the Terms of Service, or other mutually executed written agreement(s), between Company (as defined below) and Bidsopt Pte.Ltd (“Bidsopt”) (the “Agreement”), pursuant to which Company transfers Personal Data (as defined herein) to and shares Personal Data with Bidsopt, as further described in the Agreement and in this DPA. The parties agree to comply with the following provisions with respect to Personal Data provided or made available by Company to Bidsopt.
References to the Agreement will be construed as including this DPA, and, except as modified below, the terms of the Agreement shall remain in full force and effect. Any capitalized terms not defined herein shall have the meanings given to them in the Agreement. In the event of any conflict between this DPA and the Agreement, this DPA will prevail. Reference to the “Agreement” includes any exhibits, work orders, SOWs, documentation, or other addenda incorporated into the Agreement.
The parties agree to comply with the following provisions with respect to any Personal Data of one or more Data Subjects located in the European Economic Area Processed in connection with the Agreement. The purposes of the DPA is to ensure such processing is conducted in accordance with Data Protection Laws, including the GDPR and with due respect for the rights and freedoms of individuals whose Personal Data are Processed. References to the Agreement will be construed as including this DPA. To the extent that the terms of this DPA differ from those in the Agreement, the terms of this DPA shall govern.
How to Execute This DPA
This DPA is pre-signed on behalf of Bidsopt, provided that Company is a party to the Agreement with Bidsopt, this DPA can be executed by (a) accurately completing the information on the signature page below and (b) ensuring that an authorized signatory of Company signs and submits this DPA.
Include the full, legal entity name of Company on the signature page (e.g., “Bidsopt Pte. Ltd.”).
Upon submission, this DPA will become legally binding. Company will be prompted to download a copy of the mutually signed DPA.
Please contact your Bidsopt Account Manager or email us at email@example.comfirstname.lastname@example.org with any questions regarding this DPA.
1.1 “Binding Corporate Rules” shall mean any internal corporate rules approved pursuant to the EU cooperation procedure that enables international transfers in compliance with Articles 25 and 26 of the European Union (“EU”) Data Protection Directive (Directive 95/46/EC) or Article 47 of the GDPR.
1.2 “Data Controller” means the entity that determines the purposes and means of the Processing of Personal Data. For purposes of this DPA, each party is a Data Controller of the Personal Data that it collects, Processes, or employs to deliver its services, absent a further amendment that sets forth circumstances in which either party is a Data Processor.
1.3 “Data Processor” means an entity that Processes Personal Data on behalf of a Data Controller.
1.4 “Data Protection Laws”means all applicable laws and regulations, including, without limitation, the laws and regulations of the EU applicable to the Processing of Personal Data, such as: (i) prior to 25 May 2018, the EU Data Protection Directive (Directive 95/46/EC); (ii) on and after 25 May 2018, the EU General Data Protection
Regulation (Regulation (EU) 2016/679) (“GDPR”); (iii) the EU e-Privacy Directive (Directive 2002/58/EC), including subsequent variations, such as the Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (“ePrivacy Regulation”), if enacted; and (iv) any national data protection laws made under or pursuant to (i), (ii) or (iii).
1.5 “Data Subject”means the individual to whom Personal Data relates.
1.6 “Personal Data” means any information relating to an identified or identifiable person processed pursuant to the Agreement and as to which a party is a Data Controller. The types of Personal Data and categories of Data Subjects Processed under this DPA are set forth in Appendix A attached hereto.
1.7 “Privacy Shield” means the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce.
1.8 “Processing” means any operation or set of operations that is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure, or destruction (“Process”, “Processes” and “Processed” shall have the same meaning).
1.9 “Security Incident” means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
1.10 “Transfer” means the access by, transfer or delivery to, or disclosure of Personal Data to a person, entity, or system located in a country or jurisdiction other than the country or jurisdiction where the Personal Data originated from.
1.11 The terms “Controller”, “Personal Data”, “Processor”, “Processed” and “Processing”, have the meanings given to them in Applicable Privacy Laws. If and to the extent that Applicable Privacy Laws do not define such terms, then the definitions given in EU Data Protection Law will apply.
2. PURPOSE OF PROCESSING:
2.1 Company and Bidsopt are parties to the Agreement, under which Company provides Personal Data (such as mobile advertising identifiers, IP addresses and/or precise location data) to Bidsopt. Company and Bidsopt each shall Transfer and Process such Personal Data only for the purposes described in the Agreement and this DPA, or as otherwise agreed in writing by the parties.
2.2 The parties agree that Bidsopt may Process the Personal Data for its own purposes, including to provide services for the benefit of other platforms and clients.
2.3 Neither party shall have responsibility for Processing special categories of personal data, as referenced in Article 9 of the GDPR. Neither party shall provide the other with any special categories of personal data.
3. CONTROLLER OBLIGATIONS:
3.1 Each party shall comply with all applicable laws, including Data Protection Laws.
3.2 As further set forth herein, the parties agree that when either party acts as a Data Controller of Personal Data, it will fulfill all duties required of Data Controllers under Data Protection Laws, including, without limitation (as applicable), with regard to determining the legal basis or bases for their collection or processing of Personal Data, providing sufficient notice to Data Subjects, appointing a data protection officer, managing and reporting Security Incidents, ensuring that rights of Data Subjects are honored, Transferring Personal Data, contracting with only those Data Processors that provide adequate protections for Personal Data, implementing required and appropriate contractual language in agreements with Data Processors and other Data Controllers, maintaining records of Processing, and conducting data protection impact assessments.
3.3 Each party shall have the sole obligation (as between the parties) to receive and manage Data Subject requests regarding its Personal Data, including without limitation any request to access, correct, amend, restrict processing of, port, object to the Processing of, block, or delete Personal Data. If applicable, and to the extent legally permitted, the parties shall provide each other with reasonable cooperation and assistance in relation to handling of a Data Subject’s request.
5. OBLIGATIONS SPECIFIC TO OBTAINING CONSENT FROM DATA SUBJECTS:
5.1 Company represents that it has implemented a consent mechanism or process (such as a consent screen or check-box) that is legally sufficient, where applicable, for purposes of compliance with Data Protection Laws, in that it permits Data Subjects to provide consent that is freely given, informed, specific, and unambiguous.
5.2 Bidsopt uses mobile device identifiers and geolocation data (“Device Data”) to provide its services, including for the purpose of tracking Data Subject interactions for digital advertising. Company shall, and as applicable shall contractually require its data sources to, implement appropriate notice and consent mechanisms upon its digital properties so that Bidsopt can capture applicable Personal Data lawfully through such digital properties in order to perform its services under the Agreement.
5.3 Each party shall use and honor any applicable signals and OpenRTB specifications that are passed to the other party, including any signal regarding (a) COPPA flagging, (b) GDPR consent, or (c) mobile device-based opt-outs. Company shall not provide to Bidsopt Device Data regarding any device that has opted out through device settings unless it also provides any accompanying opt-out signal (e.g., LMT=1).
5.4 Upon the development of an industry-standard consent mechanism (such as IAB Europe’s Transparency & Consent Framework), each party shall make good faith efforts to implement, list itself in, or otherwise comply with such mechanism and related consent standards. The parties shall cooperate in good faith regarding the deployment of any such mechanism.
5.5 Upon Bidsopt’s request, Company shall provide to Bidsopt any relevant information documenting its consent processes or mechanisms, and any supporting records regarding the manner in which Company obtains consent from applicable Data Subjects.
6.1 Each party will implement and maintain appropriate security measures for protection of the security, confidentiality, and integrity of Personal Data, including all measures required pursuant to Article 32 of the GDPR.
6.2 Pursuant to Article 28, Section 3(c) of the GDPR, each party will ensure (and contractually require) that any Data Processors with which it contracts take all measures required pursuant to Article 32 of the GDPR.
7. TRANSFERS OF PERSONAL DATA:
7.1 To the extent the Processing of Personal Data involves a Transfer, including if Company and Bidsopt Transfer Personal Data through affiliates, subcontractors, or other third parties, and such Transfers of Personal Data originated from the European Economic Area (“EEA”), Switzerland, or other countries or jurisdictions recognizing EU Directive 95/46/EC, each party represents and warrants that its Processing and/or Transfer of Personal Data does and will comply with all Data Protection Laws.
7.2 The provisions of Section 7.1 above are not applicable to the extent the Transfer is:
(a) to a recipient located in an EU member state of the EEA or Switzerland; or
(b) to a recipient covered by a binding adequacy determination by a competent authority with jurisdiction over either party, as applicable, (including the European Commission decisions on the adequacy of the protection of Personal Data in third countries); or
(c) subject to another approved Transfer mechanism that provides an adequate level of protection in accordance with Data Protection Laws, such as, without limitation, Binding Corporate Rules.
Company or Bidsopt may appoint third-party Data Processors to Process Personal Data for the purposes set forth herein or in the Agreement, provided that such Data Processors agree in writing to: (a) Process Personal Data in accordance with documented instructions; (b) implement appropriate technical and organizational security measures to protect the Personal Data against a Security Incident; and (c) otherwise provide sufficient guarantees that they will process the Personal Data in a manner that will meet the requirements of applicable Data Protection Laws, including all requirements under Article 28 of the GDPR.
9. MISCELLANEOUS PROVISIONS:
9.1 Nothing in this DPA shall confer any benefits or rights on any person or entity other than the parties to this DPA.
9.2 This DPA takes effect as of the date of last signature below (“Effective Date”) and shall remain in effect during the existence of the Agreement. Without prejudice to the remedies as set forth elsewhere herein or in the Agreement, if either party violates this Agreement, the other party is entitled to terminate the Agreement in its sole discretion and without any extra costs or expenses (provided any payments due and owing shall remain so).
9.3 Bidsopt and Company each mutually represent and warrant that (a) the person executing this DPA on its respective behalf has the legal authority to bind such party, and (b) it has right, power, and authority to (i) enter into this DPA, (ii) make the representations and warranties contained herein, and (iii) commit to and perform the respective duties, obligations, and covenants set forth hereunder.
BIDSOPT CCPA ADDENDUM
We refer to the Advertiser Terms located at https://www.bidsopt.com/terms-of-service/ (“Agreement”) which You have accepted (in the capacity of a “advertiser” or “agency” or “demand-side exchange” or “demand partner” as the context may require and also refer to as “Demand Partner” or “You”) to distribute Advertisements through Bidsopt’s advertising network and/or its demand-side platform and/or affiliate promotion properties whether operated by itself or contracted through third-party partners (“Bidsopt” or “we” or “us”) as set out under the Agreement.
We refer to the insertion order(s) or agreement (“Agreement”) between You (in the capacity of an “Advertiser” or “Agency” or “Demand-side exchange” or “Demand partner” as the context may require and also refer to as “Demand Partner” or “You”) and Bidsopt (or “we” or “Bidsopt” or “us”) to distribute Advertisements through Bidsopt’s demand-side platform or affiliate promotion properties whether operated by itself or contracted through third-party partners.
This Addendum (this “Addendum”) to the Agreement effective as of January 1, 2020 (“Effective Date”), is between Bidsopt and Demand Partner.
This Addendum consists of:
The privacy-related terms below, and the Agreement, which is incorporated by reference; for sake of clarity, this Addendum is incorporated into the Agreement.
Effective Date: January 1, 2020
Term: Valid for the term of Agreement.
This Addendum addresses each party’s obligations under the California Consumer Privacy Act (CCPA) with respect to Personal Information as such term is defined hereunder.
Capitalized terms used but not defined have the meanings given in the Agreement.
a) “Advertisements” means all the advertising content provided by Demand Partner for distribution on Bidsopt’s advertising channels including exchanges, whether owned, operated or contracted or as such term is defined under the applicable Agreement.
b) “Bidsopt” means Bidsopt Pte. Ltd. acting on behalf of itself and its affiliates.
c) The following terms have the meanings assigned to them in the CCPA: “Business,” “Consumer,” “Sale” (including sell, selling or sold), and “Service Provider”.
d) “California Consumer Privacy Act” (“CCPA”) means Cal. Civ. Code Title 1.81.5, § 1798.100 – 1798.199.
e) “Personal Information” means information that Bidsopt either provides to obtains from the Demand Partner and that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a Consumer or any individual residing in the U.S (User). Personal Information includes advertising identifiers and other unique identifiers such as Device IDs, GPID, IP Address, ADIDs and any inferences drawn from and incorporating the same to create an audience profile. Personal Information does not include any aggregated or anonymized or de-identified data.
a) Statuses of the Parties. The parties agree that Bidsopt has taken the position of a “Service Provider” under this Addendum, where it obtains Personal Information from the Demand Partner. Where Bidsopt provides Personal Information to the Demand Partner, Bidsopt understands that Demand Partner assumes the position of a “Service Provider”; should the Demand Partner determine a status contrary to the above at its discretion, it acknowledges that its determination does not impact Bidsopt’s status under this Addendum. Although the parties have taken the approach set out in this Addendum, the parties acknowledge that the applicable data protection law(s) ultimately determines status with respect to each party and accordingly each party shall comply with the requirements applicable to such party’s capacity under CCPA or applicable data protection law.
(i) Where a party is sharing any Personal Information (“Discloser”), such Discloser agrees to comply with the requirements of the applicable data protection law, specifically CCPA, as such laws apply to it in its capacity as a Discloser. Where a party is obtaining any Personal Information (“Recipient”), such Recipient agrees to comply with the requirements of the applicable data protection law, specifically CCPA, as such laws apply to it in its capacity as a Recipient. Each party shall provide reasonable assistance to the other to enable them to facilitate Users exercising their rights under the applicable data protection law, to the extent applicable.
(iii) Any notification regarding a User’s election pursuant to any privacy-related rights available to the User under applicable privacy and data protection law(s), that a Recipient is required to comply with (e.g. right to delete under CCPA), shall be notified to the Recipient by the Discloser within 48 hours of becoming aware of the same. Each Recipient shall comply with such requests as required under the applicable privacy and data protection law(s). The parties acknowledge that the Recipient may retain the User’s Personal Information solely for the purposes of billing disputes and fraud detection.
(iv) Each party acknowledges that during the term of the Agreement and for the purposes thereof:
Recipient shall only process Personal Information for the following permitted purpose(s) in relation to the distribution of Advertisements:
(1) for attribution, real-time-bidding, audience verification, and fraud detection via trackers, verification partners and affiliate post backs;
(2) for internal reporting purposes and for reporting to Discloser.
(3) for targeted advertising and optimization of campaigns.
(v) Each party acknowledges that the processing concerns: clicks and impressions data, IP Address, device identifiers, handset model/type, carrier device identifiers, HTTP headers, publisher details (such as site ID, partner ID, publisher name), campaign details (such as campaign ID, creative ID) and such other data sets as are agreed in writing between the parties from time to time.
a) Conflicts. In the event of a conflict between this Addendum and the Agreement regarding the subject matter hereof, this Addendum will prevail to the extent necessary to resolve the conflict.
b) Entire agreement. This Addendum is the parties’ entire agreement on this subject and merges and supersedes all related prior and contemporaneous oral understandings, representations, prior discussions, letters of intent, or preliminary agreements.
c) No further amendment. Except as modified by this Addendum, the Agreement remains unmodified and in full force and effect.
For EU campaigns, please refer to terms of our GDPR or other data protection terms that you may have executed with Bidsopt with respect to GDPR, as applicable.