Privacy & Data Protection Statement
In this Privacy & Data Protection Statements we inform you of how we collect and use certain information concerning Internet end users, in the course of our mobile advertising services.
This information is in compliance with EU Regulation 2016/679, otherwise known as the General Data Protection Regulation (GDPR). In particular, we aim to comply with the transparency and information requirement set in Articles 13 and 14 GDPR.
- Who we are
- What is our business
- What categories of data we process or collect
- How we collect data
- What categories of data we DO NOT process or collect
- What do we use this data for
- Processing data in aggregate
- Retaining data
- Sharing data
- Legal basis for our data processing
- Exercise your rights
- Contact our Data Protection Officer
- Changes in this policy
Who we are
Smadex S.L. (hereinafter ‘Smadex’) is a Spanish limited liability company operating with V.A.T. number ES B65322034, with headquarters in Spain, 08029-Barcelona, carrer Rosselló 33, sobreàtic, and registered in the Barcelona Commercial Registry with number B-399036.
You can contact us at any moment via post mail at the address mentioned above, or by e-mail at the following address: firstname.lastname@example.org.
What is our business
Smadex technology powers advertisements that can appear on web sites and on applications on your mobile devices.
You may interact directly with our servers (for example, when you click on an ad) or indirectly via the mobile web site or application that displays the ads.
What categories of data we collect and/or process
When you visit a website or use an application that uses our technology, we collect certain information about you and your device, for the purpose of serving advertisements to you.
Some of this information (including for example your IP addresses and certain unique device identifiers), may identify a particular computer or device, and may be considered personal data in some jurisdictions, such as the European Union.
We collect the following information that may be regarded as personal data:
- IP address,
- Device identifiers such as cookie identifiers and unique device identifiers,
- Data concerning the displaying of the advertising, such as date/time of viewing, and the website or application where the advertisement was displayed,
- Certain data concerning your activities and actions on the advertiser sites, in case you click on the advertising
- Geolocation (including city, region, country, zip code, and potentially geographic coordinates if you have enabled location services on your device).
How we collect personal data
Most of this data is not directly collected by Smadex, but collected transferred to us by third party supplied within the online advertising supply chain, such as real time bidding markets. Where applicable, such parties have obtained consent from the relevant data subject, in order to transfer their data to us.
We current work with the following real time bidding markets:
- Smart AdServer
- “Tags and Pixels” are blocks of code that we and our customers may use to track your navigation of websites or apps using our technology, and your browsing behaviour. We use pixels to synchronize information that we have collected with information independently collected by our suppliers, clients, and other third parties that are interested in providing you with ads.
- “SDKs” or “Software Development Kits” are blocks of code similar to tags and pixels that are embedded into an app that allow us to track certain information relating to your use of apps using our technology.
We also use standard device identifiers, for example the “IDFA” advertising identifier used on Apple’s iOS devices, to track your use of mobile apps.
Additionally, we use other technologies, including locally stored objects, to collect User Information in order to assist with the delivery of ads and to provide reporting to our customers.
What categories of data we do NOT collect
We do not collect the following categories of data:
- Data that might be regarded as sensitive under Article 9 GDPR, that is information concerning your race, sexual orientation, political affiliation or religious beliefs, among others.
- Data that might be used for the purpose of online behavioural advertising, that is data concerning your Internet navigation over time, and that might be used in order to infer your personal interests.
What do we use this data for
We use the categories of data mentioned above primarily in order to deliver to you targeted advertising we believe will be of particular interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at
In particular, we can divide all the potential processing of the data in three different categories:
- (1) Buying advertising slots and managing campaigns. By using device identifiers and contextual data such as geolocation, visited website, and date and hour of visit, we can deliver advertisement specifically to your phone. Managing advertising campaigns also means that we use your data for ancillary activities, such as enabling standard advertising controls, and to protect and investigated fraudulent or illegal activity.
- (2) Monitoring campaign performance. By using device and cookie identifiers, we can track whether users that click on or simply see the advertisement we manage actually visit the website of our clients, and whether they actually buy or subscribe to any product or service.
- (3) Retargeting and segmenting. At the request of our clients, we might create lists of devices that we want to target in our campaigns, because they have previously carried certain activities, such as visiting our client’s website. In doing so, we segment Internet users into different audiences that can be targeted separately. In such operations, Smadex doesn’t act as data controller, but as data processor.
We do not carry out automated decision-making processes, as described in Article 22 GDPR.
Processing data in aggregate
In addition to all the uses detailed above, we process user data as an aggregate, anonymous and non-individual level, in order to (1) operate and improve our technology, (2) conduct research and development, (3) report on campaign performance with our clients, and (4) carry out campaign forecasting.
Data processed in aggregate is not regarded as personal data, as it does not relate to any particular identified or identifiable person.
We may store the information we collect, such as IP address and other information described above, for up to 90 days before we aggregate that data into summary reports.
We store the aggregated summary data (which for example, does not include IP address or other information that may be tied to a particular browser or device) for longer than 90 days.
We share the data with other companies operating in the online advertising industry, in order to carry out the campaign management, performance monitoring, and retargeting and segmenting functioned outlined above.
In particular, we may enter data processing agreements with the following categories of data recipients:
- With real time bidding platforms, for the purpose of managing advertisement campaigns.
- With our clients (i.e. advertising agencies and advertising networks), for the purposes of retargeting and segmenting.
- With trackers, data management platforms and technology suppliers, for the purpose of performance monitoring, and in order to carry out retargeting and segmenting.
Where our operations entail a transfer of data outside the European Economic Area, Smadex has entered into ‘model clause’ agreements with the relevant data recipient.
Legal basis of data processing
The data processing operations described above are carried out on the grounds of two autonomous and independent legal basis.
In addition to that, Smadex makes an effort to obtain consent from the relevant data subject for every data processing. Given that Smadex does not interact directly with Internet end users, consent must be obtained and transfer by other companies within the advertising supply chain that have a direct relationship with the end user.
In order to obtain, transfer and revoke such consent, we use the following technological solutions:
- The IAB standard for GDPR consent management.
Exercise your rights
If you are a resident of the European Economic Area, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, deleted. You also have the right to withdraw any consent.
If you would like to exercise this right, please see our Data Subject Rights Policy for instructions on how to do so:
[Data Subject Rights Policy].
Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, we require you to provide us with some additional information to ensure that we provide you with accurate information.
In addition, you may also opt-out of receiving marketing communications from Smadex. If you would like to exercise this right, please write to us at the contact details provided below.
Contact our Data Protection Officer
- Please do not hesitate to contact our Data Protection Officer in case you want to exercise any of your data protection rights, or if you have any question concerning our privacy and data protection policy.
- Our Data Protection Officer can be accessed at the following online and post addresses:
c/ Rosselló 33 SA
You also have the right to lodge a complaint with our Data Protection Supervisory Authority, the Agencia Española de Protección de Datos (Spanish Agency for Data Protection).
Changes in this policy