PRIVACY POLICY
- 1. Introduction
- 2. What does this privacy policy cover?
- 3. Who is the Data Controller?
- 4. Data Protection Officer
- 5. Personal Data that we will collect
- 6. Use of your Personal Data
- 7. How SMADEX obtains the consent of the Targeted End Users
- 8. Means of collection of your Personal Data
- 9. Retention of your Personal Data
- 10. Access to your Personal Data
- 11. Where will collected Personal Data be processed?
- 12. Your Personal Data Rights
- 13. How do we protect minors?
- 14. Use of cookies and other technologies
- 15. How long is this Privacy Policy updated?
1. Introduction
This Privacy Policy describes how SMADEX (“we”, “our”, “us”) collects and uses certain information (Personal Data) of targeted end users and our clients (Data Subjects) during our digital advertising services, the steps we take to protect it, the parties to whom we disclose it, and the choices and rights that the Data Subject has regarding how we collect and process their Personal Data.
This Privacy Policy is in compliance with the current data protection regulations, such as the European General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (2020) and the Organic Law 3/2018 of December 5 on Protection of Personal Data and Guarantee of Digital Rights.
SMADEX participates in the IAB Europe Transparency & Consent Framework (TCF) v2.2 and complies with its specifications and policies.
SMADEX identification number within the TCF (vendor registration) is 161.
2. What does this privacy policy cover?
The privacy practices and policies that we outline in this Privacy Policy will apply to the way that we use your Personal Data. To such extent, you can fall into one of the following categories:
- “Targeted End User”: using mobile apps provided to you by advertisers, vendors and other partners (acting as an “End User”).
- “Clients”: requesting the provision of Services from us through our webpage.
3. Who is the Data Controller?
A data controller is the natural or legal person who determines the purposes and means of the processing of Personal Data.
- Data Controller: SMADEX, S.L.U.
- CIF. B65322034
- Headquarters: C/ Diputació 303 Primera Planta. 08009 Barcelona – Spain.
Email: privacy@smadex.com
4. Data Protection Officer
A Data Protection Officer (DPO) is the person in charge of safeguarding the fundamental right to the protection of Personal Data at SMADEX as well as ensuring that we process such Personal Data in compliance with the applicable data protection laws and regulations.
Our Data Protection Officer can be accessed at the following online and post addresses:
privacy@smadex.com
Smadex S.L.U
C/ Diputació 303 Primera Planta. 08009 Barcelona – Spain
You can contact our Data Protection Officer in case you want to exercise any of your Data Protection Rights (refer to section 12), or if you have any question concerning this Privacy Policy.
5. Personal Data that we will collect
When you visit a website or use an application that uses the SMADEX technology, we collect certain information about you and your device, for the purpose of serving advertisements to you.
5.1. Categories of Personal Data we collect about Targeted End Users:
| Category (Personal Data type) | Example |
|---|---|
| Identifiers |
|
| Internet activity information |
|
| Geolocation information |
|
5.2. Categories of Personal Data we do NOT collect about Targeted End Users:
- Special categories of data (art. 9 GDPR): Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
- SMADEX does not use any data that allows us to identify you directly, such as your first and last name, postal address or email address.
5.3. Categories of Personal Data we collect about our Clients:
| Category (Personal Data type) | Example |
|---|---|
| Identifiers |
|
6. Use of your Personal Data
We use the categories of data mentioned above, primarily to deliver to you targeted advertising we believe will be of your particular interest. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at
https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
6.1. The Personal Data for targeted users that we may process can fit in the following categories:
| Purpose/Activity | Description of processing | Legal Base |
|---|---|---|
| Display of Personalized Advertising |
|
|
| Managing, monitoring and attribution of the campaigns. |
|
|
| Retargeting and segmenting |
|
|
| Development and improvement of our service |
|
|
| Ensuring security, preventing and detecting fraud, and fix errors |
|
|
| For Compliance with Legal Requests and Litigation Response |
|
|
SMADEX DOES NOT process Personal Data for the purposes described in Article 22 GDPR (“Automated individual decision-making, including profiling”).
Aggregate data
The statistical purpose implies that the result of processing for statistical purposes is not Personal Data, but aggregate data. This means that Personal Data is not used in support of measures or decisions regarding any particular natural person (Recital 162 GDPR).
In addition to the uses detailed above, we may process user data as an aggregate, anonymous and non-individual level, for the following purposes:
- Operate and improve our technology.
- Conduct research and development.
- Report on campaign performance with our clients.
- Carry out campaign forecasting.
6.2. In particular, we can divide all the potential processing of the data for Clients in the following categories:
| Purpose/Activity | Description of processing | Legal Base |
|---|---|---|
| Providing SMADEX services |
|
|
| Marketing campaigns |
|
|
7. How SMADEX obtains the consent of the Targeted End Users
The Transparency and Consent Framework (TCF) is an industry-standard developed by the Interactive Advertising Bureau (IAB) to provide transparency and control over the processing of Personal Data for online advertising. It enables us to obtain user consent in a standardized and user-friendly manner.
8. Means of collection of your Personal Data
Most of the Personal Data we process is not directly collected by SMADEX but collected and transferred to us by a third party supplier which is part of the online advertising supply chain, (e.g. real time bidding platforms). Where applicable, such parties have obtained consent from the relevant data subject, in order to transfer their data to us.
SMADEX may gather Personal Data about the Targeted End User from various sources in line with our legitimate interests. This could involve accessing publicly available databases or obtaining data from third parties, including marketing data. The integration of this information with our existing records enables us to update, expand, and analyze our databases, pinpoint new customers, provide marketing services, and deliver more customized advertising, products, and services.
9. Retention of your Personal Data
We may retain the Personal Data we collect, such as the IP address and other information described above, for up to a maximum of 12 months before we aggregate that data into summary reports.
We store the aggregated summary data (which for example, does not include IP address or other information that may be tied to a particular browser or device) for more than ninety (90) days.
10. Access to your Personal Data
We share the Personal Data with other companies operating in the online advertising industry, for the purposes described in Section 6 of this Privacy Policy.
We may enter data processing agreements with the following categories of data recipients for the indicated purposes below:
| Categories of Data Recipients | Purposes |
|---|---|
| Real Time Bidding Platforms |
|
| Advertisers |
|
| Trackers Data Management Platforms Technology Suppliers |
|
11. Where will collected Personal Data be processed?
Whenever we transfer Personal Data out of the EU, EEA, Switzerland & UK we ensure that at least one of the following safeguards is implemented:
- We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
We may transfer data subject to specific contracts approved by the European Commission, which ensures that Personal Data the same protection it has in Europe regardless of where it is processed (Standard contractual clauses 2021).
12. Your Personal Data Rights
Our advertising technology does not collect any information that directly identifies you as an individual, and instead only collects certain digital identifiers that may identify your device or your Internet browser.
As such, in order for us to give you access to Personal Data connected with your digital identifiers, you will need to provide us with additional information, as explained below, to enable us to locate relevant records.
12.1. Your rights
If you are a resident within the European Economic Area (EEA), UK and Switzerland you will have the following rights:
- The right to be informed. You have the right to be informed about how we collect and use your Personal Data, how long we plan to keep that data, and who we will share it with.
- The right of Access. You have the right to know exactly what information SMADEX has collected about you, how we are storing and processing that data, and what we are going to do with it.
- The right to rectification (correction). You have the right to have incomplete data completed and incorrect data corrected.
- The right to erasure. You have the right to have Personal Data permanently deleted. This is also known as the “right to be forgotten.” Please note that this right doesn’t apply if the processing of data that’s subject to an erasure request is necessary to comply with a company’s legal obligations.
- The right to restrict processing. If you can´t require that we erase your Personal Data, you have the right to restrict our ability to process that data, under certain circumstances.
- The right to data portability. Individuals have the right to obtain and reuse their Personal Data for their own purposes across different services. Data subjects can request that data controllers send their Personal Data files electronically to third parties. If technically feasible, companies must provide the data in commonly used, machine-readable formats.
- The right to object. You have the right to object to the processing of your Personal Data in certain circumstances. For example, if an organization uses Personal Data for direct marketing, scientific and historical research, or to perform a task in the public interest. However, we may still process the data to establish or defend legal claims, or if we can demonstrate there are legitimate grounds that override individuals’ interests and rights.
- The right to not be subject to automated decision making. You have the right to demand human intervention, rather than having important decisions made by algorithms. Companies are required to inform people that they will be subject to algorithmic decision-making and let them know that they can opt out of it.
To exercise any of these individual Privacy Rights, refer to section 11.3 below.
If you make a Data Subject Rights request as set out in this Privacy Policy, we will provide you with any information we might have concerning your data identifier, including where available transaction logs reflecting where we have used our technology in order to deliver an advertisement to you, and we will follow your instructions concerning the correction, removal and processing of such data.
In addition, you may also opt-out of receiving marketing communications from SMADEX. If you would like to exercise this right, please write to us at the contact details indicated below.
Please note, however, that we have a very short retention period for most files with digital identifiers that we store or process. Therefore, we may not be able to give you any files at all. In these cases, we will inform you that we have not been able to locate any records associated with your digital identifiers.
12.2. If you are a resident of California, you may have the following additional rights with regard to the Personal Data we maintain about you:
| Shine the Light | California residents are entitled to request and obtain from SMADEX a list of all the third parties to which we have disclosed certain Personal Data (as defined by California´s Shine the Light Law) during the preceding year for those third parties´ direct marketing purposes.To request this information, please contact us at privacy@smadex.com. In the subject of the email include “California Shine the Light Request” and include your mailing address, state of residence and email address so we can provide a response. |
| Privacy Rights for California Minors in the Digital World | If you are a California resident under the age of 18, and a registered user of our Website, you can request and obtain removal of content or information you have publicly posted. To make such a request, send an email with a detailed description of the specific content or information to privacy@smadex.com
Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested. |
| California Individual Privacy Rights (California residents can exercise these privacy rights with respect to their Personal Data) |
|
| Column 1 Value 4 | Column 2 Value 4 |
To exercise your California rights, complete our “California Consumer Request” form available here.
If we are unable to comply with your requests, we will let you know the reason why.
We will take steps to verify your identity before processing your request, which may include requesting information from you to match with information we already have about you.
12.3 How to make a request
Step 1: Locating your digital identifiers.
For us to locate relevant records, we will need you to provide us with your digital identifiers. You can find your digital identifiers as follows:
- Web Browsing
As described in this privacy policy, our advertising technology may operate by using text files called “cookies” that are placed on your device. Some of these cookies include a digital identifier. To locate these digital identifiers, you can search through your cookies for the cookies named smxtrack, or smaxtrackid_{{order_id}}, where “order_id” is a number. The text in each of these cookies is a separate digital identifier.
Please keep in mind that different cookies are placed on each browser that you use to access the Internet. As a result, if you use multiple browsers (for example, Google Chrome and Mozilla Firefox), you will need to locate the different cookies for each browser. If you need assistance locating these cookies for your browser, please feel free to email us for assistance at privacy@smadex.com.
- Mobile Devices
Additionally, certain mobile devices (for example, mobile phones or tablets using the iOS or Android operating systems) generate a persistent “Advertising Identifier” per device, which, among other things, can be used by third parties for purposes of providing you with targeted advertising. On iOS devices, your Advertising Identifier may be referred to as an “IDFA,” “IFA,” or an “ID for Advertising.” On Android devices, your Advertising Identifier may be referred to as an “Advertising ID.” Please follow instructions from your mobile device manufacturer on how to locate your specific Advertising Identifier.
Step 2: Verification of Your digital identifiers
In order to make sure that we are only providing Personal Data to the correct person, we also will need some supporting proof to demonstrate that you are indeed connected to the digital identifiers you located in Step 1. For digital identifiers stored in cookies, please take a screenshot of each cookie, taking care to make sure that the screenshot shows both the name of the cookie and the full digital identifier. For digital identifiers located on a mobile device, please take a screenshot of a screen that displays the digital identifier. Additionally, please sign and send a scanned copy of a statement attesting that the digital identifiers you have locate are indeed associate with you, with a copy of a national ID or passport.
Step 3: Contacting us.
Once you have located your digital identifiers and can provide us with verification concerning them, you should reach out to us. The easiest way to do so would be to email us at privacy@smadex.com. Please make sure to include the following information in your email:
- Your full name
- The country in which you are located at the time you are making your request.
- A full list of your digital identifiers
- Supporting proof, as described in Step 2
- A signed statement, as described in Step 2
You can also make a subject access request by mail, by sending a written request with all of the above-listed information to the following address:
Data Protection Officer
SMADEX, S.L.U.
C/ Diputació 303 Primera Planta
08009 Barcelona
Spain
You also have the right to lodge a complaint with our Data Protection Supervisory Authority, the Agencia Española de Protección de Datos (Spanish Agency for Data Protection).
13. How do we protect minors?
We take special consideration to protect the safety and privacy of children. Our Website and our platform is intended for users of all ages except for children under the age of 13 in general in the United States or 16 in the European Union and in the California State. Therefore, such children may not provide any Personal Data to or on the Websites.
If we learn we have collected or received Personal Data from any subject of the referred ages, we will delete it automatically.
If you are a parent or a legal guardian and believe your child under 13 in the United States or under 16 in the European Union and in the California has provided us with Personal Data without consent, please contact us at privacy@smadex.com.
14. Use of cookies and other technologies
We use cookies and other standard web technologies to collect information, which include the following:
| Technology | Purpose of Use |
|---|---|
|
To operate our technology and collect user information.
-For more information about cookies, and how to disable cookies, visit https://www.allaboutcookies.org Using “cookies” we also enable third-party vendors, including Google to serve ads based on someone’s browsing history. |
|
To synchronize information that we have collected with information independently collected by our suppliers, advertisers, and other third parties that are interested in providing you with ads. |
|
to collect user information with the aim of assisting with the delivery of ads and to provide reporting to the advertisers |
15. How long is this Privacy Policy updated?
We reserve the right to amend this Privacy Policy at any time to reflect changes to our practices or for other operational, legal or regulatory reasons, which will be posted on this page. Please check this Website periodically for updates.
The date of this Privacy Policy was last revised is identified at the top of the page.
If we make material changes to how we treat your Personal Data, we will notify you to the e-mail address provided by you or through a notice on the Website home page. Your continued use of our Website after such amendments will be deemed your acknowledgement and consent of these changes to this Privacy Policy.