§ I. General information

1. In this Privacy Policy, the terms “we” and “our” refer to Cloud Technologies SA, registered office in Warsaw (05-075), ul. Żeromskiego 7, Poland, entered into the register of entrepreneurs of the National Court Register, maintained by the District Court for the Capital City of Warsaw in Warsaw, 14th Commercial Division of the National Court Register, under number 0000405842, NIP (Taxpayer Identification Number): 9522106251, share capital 500.000 PLN - fully paid.
2. This Policy applies to the online advertising services we provide (“Services”). Services include advertising services based on user interests and retargeting services.
3. This Policy does not apply to data we collect via our website. Our website’s privacy policy can be found here.
4. You can contact us traditionally by writing to the address of our headquarters, by e-mail biuro@cloudtechnologies.pl or by phone: 00 48 22 535 30 50.
5. In any case regarding data processing, you can contact the person responsible for data protection at the following address: privacy@cloudtechnologies.pl

 

§ II. Data collection and processing

1. In this point we define:
   – general data categories;
   – sources and detailed categories of personal data – in the case of personal data that we do not obtain directly from Users;
   – the purposes for which we process personal data;
   – legal basis for processing.
2. Our Services consist in aggregating data about the interests of Internet users (“Users”), which is used by our partners and contractors with dedicated content. In order to provide the Services, we collect the following data (“Data”):
   – Advertising ID, i.e.  CTV ID, mobile advertising device ID (e.g. Apple’s Identifier For Advertisers (IDFA) or Google Android Advertising ID – “Internet identifiers”;
   – cookie ID;
   – hashed email addresses;
   – demographic data, e.g. the User’s estimated age, presumed gender, language spoken by the User, estimated income of the User, etc.;
   – information regarding the use of mobile applications that the User uses (or has stopped using);
   – information regarding the websites used by the User;
   – information about Users’ purchasing interests in various products or services;
   – approximate geolocation data;
   – User’s IP number.
3. The above data does not allow us to directly or indirectly identify individual Users without the need to make disproportionate efforts. We do not take such steps as part of our business. We do not combine our data with other data that could enable this. In particular, we do not collect, use or process data such as name and surname, (actual) age, address, place of residence, person identification numbers, e-mail, telephone numbers, etc. Moreover, we do not receive additional data from our Partners that together with the data collected by our technology will allow us to directly or indirectly identify the User. Notwithstanding the above, we process our Data in accordance with the standards and legal requirements reserved for personal data.
4. We use our analytical system or the systems of our partners indicated below (“Partners”) to aggregate data.
5. The data may be processed by us or our Partners. Our Partners may process data coming directly from Users or received from third parties.
6. We take appropriate steps to ensure that Users are provided with clear and comprehensive information about storing and accessing User Data.
7. We comply with legal obligations in force in individual jurisdictions, including requiring our Partners to collect User Data on the basis of express consent, where required.
8. We do not process any data constituting special categories of personal data (i.e. information regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data regarding health, sexuality or sexual orientation).
9. Our systems are designed to prevent the collection of personal data of Users under 16 years of age, and in particular we do not process any data from websites directed to children under 16 years of age.
10. We do not process data from adult, gambling or government websites.
11. We require that our Partners apply the same principles regarding the collection and processing of Data as described in this Policy.
12. We may collect data using cookies, pixels or other similar technologies. We use technology that allows us to combine Data of the same Users from different devices.
13. We do not use Data to engage in direct communication with Users.
14. We may share information collected with third parties, including:
    
    • Agencies such as:
      • Omnicom Media Group https://www.omnicommediagroup.com/disclaimer.htm
      • Xaxis https://www.xaxis.com/privacy-notice/
    • DMP partners, including:
      • Adobe https://www.adobe.com/pl/privacy/policy.html
      • Eyeota https://www.eyeota.com/privacy-policy/
      • Liveramp https://liveramp.com/privacy/
      • Lotame https://www.lotame.com/about-lotame/privacy/
      • Nielsen https://www.nielsen.com/pl/pl/privacy-policy.html
      • Oracle https://www.oracle.com/legal/privacy/marketing-cloud-data-cloud-privacy-policy.html
      • AdSquare https://www.adsquare.com/privacy/
      • Zeotap https://zeotap.com/privacy_policy 
    • DSP partners, including:
      • Adform https://site.adform.com/privacy-center/overview/
      • AppNexus https://www.appnexus.com/platform-privacy-policy
      • BidTheatre https://www.bidtheatre.com/privacy-policy
      • Google https://policies.google.com/privacy?gl=pl
      • MediaMath https://www.mediamath.com/privacy-policy/
      • The Trade Desk https://www.thetradedesk.com/general/privacy
    • SSP partners, including:
      • AdOcean https://adocean-global.com/pl/company/privacy-policy/
      • AdThink https://adthink.com/terms/privacy/
      • ADX https://www.adx.ae/English/Pages/privacypolicy.aspx
      • Appnexus https://www.appnexus.com/platform-privacy-policy
      • Bidswitch https://www.bidswitch.com/privacy-policy/
      • Epom https://epom.com/privacy-policy
      • Exoclick https://www.exoclick.com/privacy-and-cookies-policy/
      • Gamoshi https://www.gamoshi.com/privacy-policy
      • GothamAds https://gothamads.com/privacy-policy
      • iBillboard http://www.ibillboard.com/scripts/block/cookies_and_privacy_en.php
      • Improve Digital https://www.improvedigital.com/privacy-policy/
      • OpenX https://www.openx.com/legal/privacy-policy/
      • Pubmatic https://pubmatic.com/legal/privacy-policy/
      • Pulsepoint https://www.pulsepoint.com/privacy-policy/platform
      • Smart Ad Server http://rtbplus.smartadserver.com/privacy-policy
      • Stroer https://www.stroeer.com/en/service/privacy-policy.html

    and other entities to whom we may provide services and entities that provide services to us, such as technology providers.

15. We may share the collected data within the capital group, including OnAudience Ltd, Online Advertising Network sp. z o.o., OnProspects Ltd, and The Linea1 MKT S.L.
16. We follow IAB Transparency & Consent Framework v 2.2. procedures while meeting legal and technological requirements. We are listed on the IAB Vendor List under number 243.

 

§ III. Types of data

I. Cookies

1. Cookies (small text and numeric files) are stored on Users’ devices. Cookies containing in particular information about the user’s interest categories and the advertisements clicked by the user.

2. We also use other technical means necessary to provide advertising services, such as web beacons and pixels.

3. Cookies:

– collect data regarding the use of a given website, and their main purpose is to facilitate the use of the website and adapt it to your needs and expectations;
– are placed on the Users’ end device and may also be used by advertisers and our Partners;
– they store User ID, time stamps of visiting the Website, and imprecise geolocation data;
– are not used to determine the User’s identity.

4. We use the following types of cookies:

– ID Cookie – cookies that store a randomly assigned ID assigned to the User;
– Technical Cookies – cookies that may be saved if one of our partners agrees to install their own cookie in our scope of operation.

II. Online Identifiers

Advertising identifiers are assigned by individual device operating systems and can be reset by Users at any time. These data constitute a randomly assigned sequence of alphanumeric characters, which cannot be used by us or our Partners to determine the personal data of individual Users. These identifiers are made available to us by our Partners and are used by us to merge User data from various sources by comparing them with other data from our data warehouse in order to create uniform profiles of Users using different devices.

III. Data from websites you visit

In order to assign Users to particular interest segments, we use data regarding the URL addresses of visited websites and other data, e.g. IP number.

If you use a website through which we collect cookie data, we automatically download data about visited websites from a given website. We comply with the established User data retention policy, adopting a maximum data processing period of 12 months.
We use the IP number to determine data regarding the country from which the connection is made, the Internet access service provider and approximate geolocation data. Also in this case, we apply the data retention principles described above.

IV. Hashed email addresses

We only process email addresses encrypted using algorithms that ensure that the source email address cannot be recreated. This data comes from the data sets of our Partners and is used to combine Users’ data from the use of various devices both online and offline.

V. Demographics

In order to ensure the appropriate division of Users into appropriate segments reflecting their actual interests, we process demographic data such as: the User’s estimated age, presumed gender, language spoken by the User, estimated User’s income, approximate geolocation data.

VI. Information about your applications

In the scope of the analysis of Users’ data, we may process data regarding the mobile applications used. This data is used to determine the preferences and interests of individual Users and is then used to assign Users to appropriate interest segments.

 

§ IV. Your rights

1. You have right to:

– to access your data and receive a copy thereof, i.e. to obtain information whether we process your personal data and specific information about such processing,
– to correct data, i.e. request correction of inaccurate personal data,
– to delete data, restrict data processing, provided that one of the appropriate grounds for such action applies,
– to object to data processing,
– to transmit data, i.e. receiving the data you have provided to us in a structured, commonly used and machine-readable format and, if necessary, requesting that these data be sent to another controller,
– to submit a complaint to the supervisory authority,
– to withdraw consent.

2. If you believe that the processing of your data violates data protection regulations, you have the right to lodge a complaint with the supervisory authority responsible for data protection. You can do this in the EU Member State where you usually reside, your place of work or the place of the alleged infringement.

3. To the extent that the legal basis for data processing is consent, you have the right to withdraw this consent at any time. Withdrawal will not affect the lawfulness of processing prior to withdrawal.

4. You can exercise any of your rights in relation to your data by providing us with written or e-mail information.

 

§ V. LEGAL BASIS FOR DATA PROCESSING

1. All data that we process as part of our business activities, applying the rigors assigned to personal data, while adapting to the requirements applicable in various legislations.

2. With respect to Users communicating from jurisdictions requiring it (e.g. EU, USA, CA) data is collected based on the consent granted.

3. We require our Partners who provide us with data to comply with the same requirements, which we regularly verify.

 

§ VI. INTERNATIONAL DATA TRANSFERS

If relationships with one of our clients or partners involve cross-border data flows outside the European Union, we oblige our Partners to comply with the best data protection standards, adhering without any restrictions to the Standard Contractual Clauses adopted by the European Commission or other applicable guidelines in this regard.

 

§ VII. DATA STORAGE AND DELETION

1. This section sets out our data retention policies and procedures, which are designed to ensure that we comply with our legal obligations in relation to the retention and deletion of data.
2. We process data for a period of time12 months from the date of acquisition.
3. Notwithstanding the other provisions of this section, we may store your data if storage is necessary to comply with a legal obligation to which we are subject.
   

 

§ VIII. Changes

We may update this policy from time to time by posting the latest version on our website. The new policy takes effect immediately after it is published on the website.