Privacy & Data Protection Statement
In this Privacy & Data Protection Statements we inform you of how we collect and use certain information concerning Internet end users, in the course of our mobile advertising services.
This information is in compliance with EU Regulation 2016/679, otherwise known as the General Data Protection Regulation (GDPR). In particular, we aim to comply with the transparency and information requirement set in Articles 13 and 14 GDPR.
- Who we are
- What is our business
- What categories of data we process or collect
- How we collect data
- What categories of data we DO NOT process or collect
- What do we use this data for
- Your California Privacy Rights
- Processing data in aggregate
- Retaining data
- Sharing data
- Legal basis for our data processing
- Exercise your rights
- Contact our Data Protection Officer
- Changes in this policy
Who we are
Smadex S.L. (hereinafter ‘Smadex’) is a Spanish limited liability company operating with V.A.T. number ES B65322034, with headquarters in Spain, 08029-Barcelona, carrer Rosselló 33, sobreàtic, and registered in the Barcelona Commercial Registry with number B-399036.
You can contact us at any moment via post mail at the address mentioned above, or by e-mail at the following address: firstname.lastname@example.org.
What is our business
Smadex technology powers advertisements that can appear on web sites and on applications on your mobile devices.
You may interact directly with our servers (for example, when you click on an ad) or indirectly via the mobile web site or application that displays the ads.
What categories of data we collect and/or process
When you visit a website or use an application that uses our technology, we collect certain information about you and your device, for the purpose of serving advertisements to you.
Some of this information (including for example your IP addresses and certain unique device identifiers), may identify a particular computer or device, and may be considered personal data in some jurisdictions, such as the European Union.
We collect the following information that may be regarded as personal data:
- IP address,
- Device identifiers such as cookie identifiers and unique device identifiers,
- Data concerning the displaying of the advertising, such as date/time of viewing, and the website or application where the advertisement was displayed,
- Certain data concerning your activities and actions on the advertiser sites, in case you click on the advertising
- Geolocation (including city, region, country, zip code, and potentially geographic coordinates if you have enabled location services on your device).
How we collect personal data
Most of this data is not directly collected by Smadex, but collected transferred to us by third party supplied within the online advertising supply chain, such as real time bidding markets. Where applicable, such parties have obtained consent from the relevant data subject, in order to transfer their data to us.
We current work with the following real time bidding markets:
- Smart AdServer
- “Tags and Pixels” are blocks of code that we and our customers may use to track your navigation of websites or apps using our technology, and your browsing behaviour. We use pixels to synchronize information that we have collected with information independently collected by our suppliers, clients, and other third parties that are interested in providing you with ads.
- “SDKs” or “Software Development Kits” are blocks of code similar to tags and pixels that are embedded into an app that allow us to track certain information relating to your use of apps using our technology.
- We also use standard device identifiers, for example the “IDFA” advertising identifier used on Apple’s iOS devices, to track your use of mobile apps.
- Additionally, we use other technologies, including locally stored objects, to collect User Information in order to assist with the delivery of ads and to provide reporting to our customers.
What categories of data we do NOT collect
We do not collect the following categories of data:
- Data that might be regarded as sensitive under Article 9 GDPR, that is information concerning your race, sexual orientation, political affiliation or religious beliefs, among others.
- Data that might be used for the purpose of online behavioural advertising, that is data concerning your Internet navigation over time, and that might be used in order to infer your personal interests.
What do we use this data for
We use the categories of data mentioned above primarily in order to deliver to you targeted advertising we believe will be of particular interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at
In particular, we can divide all the potential processing of the data in three different categories:
- (1) Buying advertising slots and managing campaigns. By using device identifiers and contextual data such as geolocation, visited website, and date and hour of visit, we can deliver advertisement specifically to your phone. Managing advertising campaigns also means that we use your data for ancillary activities, such as enabling standard advertising controls, and to protect and investigated fraudulent or illegal activity.
- (2) Monitoring campaign performance. By using device and cookie identifiers, we can track whether users that click on or simply see the advertisement we manage actually visit the website of our clients, and whether they actually buy or subscribe to any product or service.
- (3) Retargeting and segmenting. At the request of our clients, we might create lists of devices that we want to target in our campaigns, because they have previously carried certain activities, such as visiting our client’s website. In doing so, we segment Internet users into different audiences that can be targeted separately. In such operations, Smadex doesn’t act as data controller, but as data processor.
We do not carry out automated decision-making processes, as described in Article 22 GDPR.
Your California Privacy Rights
- Erasure Rights for Minors: If you are a California resident under the age of 18 and a registered user of any Smadex services, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to Smadexemail@example.com. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
- California Individual Privacy Rights: California residents can exercise the following privacy rights with respect to their Personal Information 2-times a year free of charge. If we cannot complete the request within 45-days of receipt, we will reach out and let you know when you can expect the request to be completed, and will not take more than an additional 45-day period to do so.
- The right to know. You have the right to know (i) the specific pieces of Personal Information we have about you; (ii) the categories of Personal Information we have collected about you in the last 12 months; (iii) the categories of sources from which that Personal Information was collected; (iv) the categories of your Personal Information that we sold or disclosed in the last 12 months; (v) the categories of third parties to whom your Personal Information was sold or disclosed in the last 12 months; and (vi) the purpose for collecting and selling your Personal Information. Generally:
- Within the preceding 12 months, Smadex has collected the categories of Personal Information detailed in Section 3 ”What categories of data we collect and/or process” above.
- Within the preceding 12 months, Smadex has sold the categories of Personal Information detailed in Section 3 ”What categories of data we collect and/or process” above. We do not sell the Personal Information of minors under 16 years old without consent from either the minor or the parent/guardian.
- Within the preceding 12 months, Smadex has disclosed the categories of Personal Information detailed in Section 3 ”What categories of data we collect and/or process” above.
- The right to deletion. You have the right to request that we delete the Personal Information that we have collected or maintain about you. There may be circumstances under which we will be unable to delete your Personal Information, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we are unable to comply with your request for deletion, we will let you know the reason why.
- The right to equal service. If you choose to exercise any of these rights, Smadex will not discriminate against you in anyway. If you exercise certain rights, understand that you may be unable to use or access certain features of Smadex’s Sites or services.
To exercise any of these rights, contact us at +1-888-382-6755 or complete our “California Consumer Request” form available at: [Data Subject Rights Policy].
We will take steps to verify your identity before processing your request, which may include requesting information from you to match with information we already have about you.
You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
Processing data in aggregate
In addition to all the uses detailed above, we process user data as an aggregate, anonymous and non-individual level, in order to (1) operate and improve our technology, (2) conduct research and development, (3) report on campaign performance with our clients, and (4) carry out campaign forecasting.
Data processed in aggregate is not regarded as personal data, as it does not relate to any particular identified or identifiable person.
We may store the information we collect, such as IP address and other information described above, for up to 90 days before we aggregate that data into summary reports.
We store the aggregated summary data (which for example, does not include IP address or other information that may be tied to a particular browser or device) for longer than 90 days.
We share the data with other companies operating in the online advertising industry, in order to carry out the campaign management, performance monitoring, and retargeting and segmenting functioned outlined above.
In particular, we may enter data processing agreements with the following categories of data recipients:
- With real time bidding platforms, for the purpose of managing advertisement campaigns.
- With our clients (i.e. advertising agencies and advertising networks), for the purposes of retargeting and segmenting.
- With trackers, data management platforms and technology suppliers, for the purpose of performance monitoring, and in order to carry out retargeting and segmenting.
Where our operations entail a transfer of data outside the European Economic Area, Smadex has entered into ‘model clause’ agreements with the relevant data recipient.
Legal basis of data processing
The data processing operations described above are carried out on the grounds of two autonomous and independent legal basis.
In addition to that, Smadex makes an effort to obtain consent from the relevant data subject for every data processing. Given that Smadex does not interact directly with Internet end users, consent must be obtained and transfer by other companies within the advertising supply chain that have a direct relationship with the end user.
In order to obtain, transfer and revoke such consent, we use the following technological solutions:
- The IAB standard for GDPR consent management.
- Smadex S.L. participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Smadex identification number within the framework is 161.
Exercise your rights
If you are a resident of the European Economic Area, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, deleted. You also have the right to withdraw any consent.
If you would like to exercise this right, please see our Data Subject Rights Policy for instructions on how to do so:
Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, we require you to provide us with some additional information to ensure that we provide you with accurate information.
In addition, you may also opt-out of receiving marketing communications from Smadex. If you would like to exercise this right, please write to us at the contact details provided below.
Contact our Data Protection Officer
Please do not hesitate to contact our Data Protection Officer in case you want to exercise any of your data protection rights, or if you have any question concerning our privacy and data protection policy.
Our Data Protection Officer can be accessed at the following online and post addresses:
- Smadex S.L.
- c/ Rosselló 33 SA
- 08029 Barcelona-Spain
You also have the right to lodge a complaint with our Data Protection Supervisory Authority, the Agencia Española de Protección de Datos (Spanish Agency for Data Protection).
Changes in this policy