We ask that you read this privacy notice (‘Notice’) carefully as it contains important information, such as: (a) who we are; (b) how, why and when we may collect, store, use and share your personal data; (c) your rights in relation to your personal data; and (d) what to do if you have a complaint.
Please note that the new General Data Protection Regulation (“GDPR”) law came into force in the United Kingdom on 25 May 2018.
1. Who we are?
Infectious Media Holdings Limited (‘we’, ‘us’and ‘our’ in this Notice) respects your privacy and is committed to protecting your personal data.
Our clients (“Clients”) are companies looking to advertise their products or services online, and our Clients use our Platform to ask us to buy advertising space on their behalf on websites offering such space (“Websites”).
For the purposes of what we do and our interactions with you, we are a ‘processor’ of your personal data, and we are appointed as a processor, by our Client. Our Client is the ‘controller’, who is ultimately responsible for your personal data and deciding how it is used.
We are also a member of the Interactive Advertising Bureau (“IAB”) and comply with the IAB industry standards, guidelines and best practices.
2. What do we do?
We use our Platform to help our Clients place targeted online display advertising on Websites that are typically owned by publishers or online service providers (“Website Owners”). Tailoring which advertisements are displayed is known as “behavioural” or “targeted advertising”.
By providing targeted online advertising, it is more likely to: (a) make the advertising you see more relevant and useful to you; (b) make the advertising more effective for our Clients; and (c) allow the Website Owner to sell the advertising space for a higher price and increase the flow of funding from advertisements that it receives.
There are 2 common methods that we use to try to ‘target’ the most appropriate advert to the most appropriate audience:
(1) “Contextual Targeting” is where we show advertisements on a specific Website, because we believe it will be relevant to the type of audience that may be visiting the Website. For example, we might show an advertisement for football boots on a football news website.
This type of targeting does not specifically target you or your device and all visitors to the Website could receive the same advertisement.
(2) “Behavioural Targeting” is where we show advertisements on a specific Website on the basis that we understand your device has been used by someone to show interest in a particular type of product or service. For example, we might recognise that your device has previously been used to visit the football boots section of our Client’s website and we could then place an advertisement for the same Client’s football boots if you visit an unrelated Website (e.g. Hotmail.com or eBay).
This type of targeting may use unique device identifiers such as cookies placed on your device (further information about identifiers are provided below). Anyone using your device could receive the same advertisement.
In summary, when you (or any other user) visits a Website, whilst the website is loading we receive a notification that the Website wishes to sell advertising space to display to you (or the relevant user). We would then look at the contents of any cookies on your browser. If your browser is set to not collect cookies or if it the cookie is set as an anonymous number, we cannot associate it with any other information or recognise any historic behaviour, so any targeted advertising we place would use Contextual Targeting.
If you research a product or service on the internet and then receive a display advert on your device relating to a similar product or service, this is usually because a company like ours has facilitated the relevant advert being shown to you.
3. Data processed by us:
As explained above, in the course of providing targeted online advertising for our Clients, we process the following information that is given to us by our Client, who has collected it from you. This information includes:
- cookie ID, web beacons, mobile device identifier and IP addresses;
- geo-location information; and
- our Client may also provide us with other unique identifier information such as a customer ID number, which will relate back to information on their systems, but does not identify you to us.
Even though most of this information relates to the identity of your device (not necessarily you), this information is considered personal data under the GDPR, and therefore we protect and use it in a way that complies with data protection laws.
We do not know your name, address, phone number, email address or other contact information.
We may also collect data from third parties or publicly available sources such as geo-location information for your device and associated information such as weather conditions.
We may also create, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate data relating to the advertisements we have placed on behalf of our Clients.
We do not knowingly collect any “Special Categories” of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We do not knowingly use or collect data to target advertising to children under the age of 12 or those in sensitive groups, as defined by the data protection legislation.
4. How your personal data is collected:
We do not have any direct interaction with you or your device and do not collect any personal data directly from you.
5. How we use your personal information?
How does this relate to my privacy and personal data?
We may use your personal data listed above and provided by our Client(such as cookies, web beacons and device ID’s) to serve Behaviourally Targeted online adverts to you, as a potential customer of our Client.
The data provided from our Client falls within the technical legal definition of personal data because, if combined with other data from a third party, it could technically be possible to identify a specific individual user (and therefore should be treated the same as other personal data).
However, we are only able to use such data to recognise your device in order to serve a targeted advertisement to it; we cannot specifically identify any individual using the device (you) directly from this data alone and we do not combine this data with any additional data that would enable us to know who you are.
Bidding for advertising space
Within the advertising ecosystem there are large number of Website Owners selling space for advertisements and advertisers (such as our Clients) wishing to buy that space to advertise online. To facilitate this market place Website Owners can either sell directly to advertisers (such as our Clients) or use intermediaries to facilitate the sale (such as us).
We use cookie IDs to match the Website Owners with our Clients and help our Clients to decide which adverts you are likely to be interested in. We then bid to the Website Owner on behalf of our Client for that advertising space and if our bid is successful, our Client will get the advertising space.
Displaying and measuring the success of the advertisements
In order to serve targeted display advertisements to you and to measure the effectiveness of advertisements, we may disclose your IP address or other device identifier to other third parties in the advertising network.
To the extent we pass personal data to third parties, we put in place contractual cover and security measures as required by GDPR (and as set out below).
We take various measure to minimise fraud within the advertising network and to drive transparency.
6. What steps do we take to keep your personal data safe?
We have put in place appropriate security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those of our personnel and other third parties who have a genuine business need to know it. They will only process your personal data on our (or the Client’s) instructions and they are subject to a duty of confidentiality.
We ask our Clients to limit the personal data they share with us to the extent necessary (i.e. a cookie ID) or any other data that is strictly necessary for us to process your data in a compliant way. We also anonymise personal data where possible, for example, we truncate IP address to ensure that we do not retain your full IP address. This would be similar to removing the last 2 letters from a postcode meaning that the pool of potential people it could refer to is wide enough that we could not identify any particular individual within the pool.
We also have procedures in place to deal with any suspected data security breach. To the extent possible, we will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. However, given the nature of the personal data we may process it is unlikely we would be able to contact you directly.
7. Why can we process your personal data?
As explained above, we are an advertising intermediary and we have no direct relationship with you or any other users. Our Client is responsible for your personal data and, usually, we would expect our Client to either have a legitimate interest in allowing us to process your personal data in this way or they will have obtained your consent. If a Client has decided to obtain your consent to allow us to process your personal data in this way and advertise to you on their behalf, normally this is done either: (a) when you visit our Client’s website by having a ‘pop-up message’ asking on the website landing page whether you give consent for your cookie data to be stored or used to enable advertising to you; or (b) when you sign up as a customer of our Client.
We consider that we act as a processor of your personal data since we follow the instructions of our Client in relation to how your personal data can be used by us to arrange the display of advertisements served to you.
Our Clients (and Website Owners) may also collect other information about you as part of the service they provide to you. For example, if you are an existing customer or if you have a subscription or relationship of any type with them, they may collect your name, contact details or other information. Our Client’s collection of any such personal data is outside the scope of this Notice and our Client will do so as a controller pursuant to their own privacy notice. Our Client may give us additional information that they have collected, but we insist that they limit this information in such a way to ensure that it does not allow us to directly identify an individual from such information and therefore such information should not be personal data.
We may use your personal data to inform our Client about the Behaviourally Targeted advertisements (including across various devices) and to report on the success or other aspects of the services we provide to our Client. This is necessary for our legitimate interests and the legitimate interests of our Client (in order to keep our records updated and to study how our Clients use our services to develop them, and to enable us and our Client to grow our respective businesses) and given the limited personal data we process, we do not believe this would unduly impact any individual’s rights and freedoms.
We may also process your personal data in order to monitor for fraudulent advertising activity. We can do this processing as there is a legitimate interest in restricting fraud within advertising.
8. Transfer of your information out of the EEA
Many of the Website Owners are based outside of the EU or host their servers in locations outside the EU (such as the United States), which may require use to transfer your personal data (such as cookie ID) outside the European Union (“EU”).
Whenever we transfer your personal data out of the EU, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
9. How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes it was transferred to us, including for the purposes of satisfying any legal, accounting, or reporting requirements. Cookies will last for a maximum of six months, however, you can decide to delete them earlier as we mention below. In addition, we may delete cookies sooner as often they are only used for a specific marketing campaign. As a result of this, the typical lifetime of a cookie is more like two weeks.
10. How not to receive Behaviourally Targeted advertisements
Can you tell us not to send Behaviourally Targeted advertising to you?
Absolutely, yes you can. You can do this either by not consenting to advertising if our Client asks you for your consent to receiving a cookie or notify our Client that you do not wish to receive this type of advertisements or marketing from them. You may also amend your privacy settings for your applications, browsers and platforms or services that you subscribe to.
However, please be aware that, stopping Behaviourally Targeted advertising will not mean you will not see any advertising at all. When you visit a Website, an advert may still be placed, by us or a third party, which may be Contextually Targeted or untargeted.
How to avoid web beacons and other tracking technologies
You can normally make web beacons and other tracking technologies ineffective by switching off cookies in your browser. There are also browser add-ons and extensions that can specifically block web beacons.
To avoid web beacons in emails, you can turn off images in your email service. Check your email’s “Help” section to find out how to do this.
The “Do Not Track” (DNT) setting
Some internet browsers have a DNT setting. This sends a signal to websites asking them not to track your browsing.
11. How can I see what information you have about me?
Under certain circumstances, you have rights under data protection laws (such as the GDPR) in relation to your personal data.
However, as we have explained above, given the nature of the personal data we may process about you it is unlikely that we would be able to identify you as the individual using the relevant device and therefore, you are more likely to be able to control, restrict or amend your personal data that are processed by using one of the methods set out above or by contacting the relevant Client.
If you still wish to contact us, please see our contact information below. However, in order to identify you from the device-specific personal data we may process about you, it is likely that you will have to provide us with more personal data than we already hold. As such we recommend you take the opt-out steps set out above first.
12. Can I delete my data?
Under data protection laws (such as the GDPR), you may have the right to ask us to suspend the processing of your personal data. However, as explained above, we are unlikely to be able to identify you from the device-specific personal data we may process about you and therefore, you would need to provide further personal data to allow us to identify you as the individual using a specific device and therefore we recommend you take the opt-out steps set out above first.
13. Infectious Media contact information
To get in touch with us with regards to privacy and your personal data or in connection with the advertising services we manage for our Clients, you may contact us by email or mail at the following addresses:
Mail: Infectious Media Ltd, 1 Waterhouse Square, London, EC1N2ST
14. How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a data protection supervisory authority, in particular in the European Union state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
15. Changes to this Notice
This Notice was published on 25 April 2018 and last updated on 20 December 2019.
We may change this Notice from time to time and any changes we make will be posted on this page. Please check back regularly to keep informed of updates or changes to this Notice.