PRIVACY POLICY

1. Introduction

This Privacy Policy describes how SMADEX (“we”, “our”, “us”) collects and uses certain information (Personal Data) of targeted end users and our clients (Data Subjects) during our digital advertising services, the steps we take to protect it, the parties to whom we disclose it, and the choices and rights that the Data Subject has regarding how we collect and process their Personal Data. 

This Privacy Policy is in compliance with the current data protection regulations, such as the European General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (2020) and the Organic Law 3/2018 of December 5 on Protection of Personal Data and Guarantee of Digital Rights.

SMADEX participates in the IAB Europe Transparency & Consent Framework (TCF) v2.2 and complies with its specifications and policies. 

SMADEX identification number within the TCF (vendor registration) is 161.

2. What does this privacy policy cover?

The privacy practices and policies that we outline in this Privacy Policy will apply to the way that we use your Personal Data. To such extent, you can fall into one of the following categories:

  • “Targeted End User”: using mobile apps provided to you by advertisers, vendors and other partners (acting as an “End User”).
  • “Clients”: requesting the provision of Services from us through our webpage.

3. Who is the Data Controller?

A data controller is the natural or legal person who determines the purposes and means of the processing of Personal Data.

  • Data Controller: SMADEX, S.L.U. 
  • CIF. B65322034
  • Headquarters:  C/ Diputació 303 Primera Planta. 08009 Barcelona – Spain.

Email: privacy@smadex.com

4. Data Protection Officer

A Data Protection Officer (DPO) is the person in charge of safeguarding the fundamental right to the protection of Personal Data at SMADEX as well as ensuring that we process such Personal Data in compliance with the applicable data protection laws and regulations.

Our Data Protection Officer can be accessed at the following online and post addresses:

privacy@smadex.com
Smadex S.L.U
C/ Diputació 303 Primera Planta. 08009 Barcelona – Spain

You can contact our Data Protection Officer in case you want to exercise any of your Data Protection Rights (refer to section 12), or if you have any question concerning this Privacy Policy.

5. Personal Data that we will collect

When you visit a website or use an application that uses the SMADEX technology, we collect certain information about you and your device, for the purpose of serving advertisements to you.

5.1. Categories of Personal Data we collect about Targeted End Users:

Category (Personal Data type) Example
Identifiers
  • Device ID
  • IP address
  • Cookie identifiers
Internet activity information
  • Data concerning the displaying of the advertising, such as date/time of viewing, and the website or application where the advertisement was displayed
  • Data concerning your activities and actions on the advertiser sites and apps  if you click on the advertising
Geolocation information
  • City
  • Region, country
  • Zip code
  • Geographic coordinates (if you have enabled location services on your device)

5.2. Categories of Personal Data we do NOT collect about Targeted End Users:

  • Special categories of data (art. 9 GDPR): Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
  • SMADEX does not use any data that allows us to identify you directly, such as your first and last name, postal address or email address.

5.3. Categories of Personal Data we collect about our Clients:

Category (Personal Data type) Example
Identifiers
  • Name
  • Company Name
  • Email
  • Phone number
  • Business Address
  • City
  • Region, country
  • Zip code

6. Use of your Personal Data

We use the categories of data mentioned above, primarily to deliver to you targeted advertising we believe will be of your particular interest. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at 

https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

6.1.  The Personal Data for targeted users that we may process can fit in the following categories:

Purpose/Activity Description of processing Legal Base
Display of Personalized Advertising
  • Displaying personalized advertising on websites and in mobile applications.
    • Data collection by SMADEX of the data detailed in clause 5 from third parties that are part of the online advertising supply chain like Advertisers’ and Publishers’ websites and mobile applications.
    • Recording, organizing and analyzing this data in order for SMADEX to decide:
      • a) whether or not to display an advertisement or to promote sponsored advertisements of particular brands on publishers’ properties; and
      • b) choose the ad to be displayed on the device
    • Purchase advertising space.
    • Display personalized ads on Publisher websites and mobile applications.
  • Consent
  • Legitimate Interest
Managing, monitoring and attribution of the campaigns.
  • Measure performance of ads displayed.
  • To enable standard advertising controls
  • Matching user conversions (e.g. purchases, app installs) to campaign events, like clicks and displays.
  • To protect and investigate fraudulent or illegal activity
  • By using device and cookie identifiers, we can track whether users that click on or simply see the advertisement we display and whether they actually buy or subscribe to any of our client’s product or service
  • Cookies or online identifiers can be stored or read on your devices for improving our campaigns.
  • Consent
  • Legitimate Interest
Retargeting and segmenting
  • To create lists of devices that we want to target in our campaigns (at the request of our clients)
  • To segment Internet users into different audiences that can be targeted separately. In such cases, SMADEX does not act as data controller, but as data processor
  • Cookies or online identifiers can be stored or read on your devices to be used in our campaigns
  • Consent
Development and improvement of our service
  • Information of your activity, including interactions with advertisements or content, serves as crucial data for the enhancement of products and services. This data helps in refining existing offerings and developing new products and services based on user interactions and audience characteristics, ensuring compliance with legal standards and regulations.
  • Legitimate Interest
Ensuring security, preventing and detecting fraud, and fix errors
  • Your Personal Data may be used for the purpose of monitoring, detecting, and preventing anomalous or potentially fraudulent activities, such as instances involving advertising and artificial ad clicks. Additionally, this Personal Data allows us to ensure the proper and secure functioning of systems and processes as well as it to address and rectify any issues that may arise during the delivery of content and advertisements.
  • Training data models to improve the performance of Smadex’s advertising operations.
  • Your Personal Data may be processed to ensure compliance with anti-bribery  and anti corruption.
  • Legitimate Interest
  • Legal Obligation
For Compliance with Legal Requests and Litigation Response
  • We may process your Personal Data in response to requests from government bodies or courts and to address litigation matters
  • Legal Obligation

SMADEX DOES NOT process Personal Data for the purposes described in Article 22 GDPR (“Automated individual decision-making, including profiling”).

Aggregate data

The statistical purpose implies that the result of processing for statistical purposes is not Personal Data, but aggregate data. This means that Personal Data is not used in support of measures or decisions regarding any particular natural person (Recital 162 GDPR).

In addition to the uses detailed above, we may process user data as an aggregate, anonymous and non-individual level, for the following purposes:

  • Operate and improve our technology.
  • Conduct research and development.
  • Report on campaign performance with our clients. 
  • Carry out campaign forecasting.

6.2. In particular, we can divide all the potential processing of the data for Clients in the following categories:

 

Purpose/Activity Description of processing Legal Base
Providing SMADEX services
  • To fulfill your requests for using SMADEX services
  • Legitimate Interest
Marketing campaigns
  • To send you marketing communications (with consent where required by applicable laws) unless you have indicated otherwise to us.
  • Consent
  • Legitimate Interest

7. How SMADEX obtains the consent of the Targeted End Users

The Transparency and Consent Framework (TCF) is an industry-standard developed by the Interactive Advertising Bureau (IAB) to provide transparency and control over the processing of Personal Data for online advertising. It enables us to obtain user consent in a standardized and user-friendly manner.

8. Means of collection of your Personal Data

Most of the Personal Data we process is not directly collected by SMADEX but collected and transferred to us by a third party supplier which is part of the online advertising supply chain, (e.g. real time bidding  platforms). Where applicable, such parties have obtained consent from the relevant data subject, in order to transfer their data to us.

SMADEX may gather Personal Data about the Targeted End User from various sources in line with our legitimate interests. This could involve accessing publicly available databases or obtaining data from third parties, including marketing data. The integration of this information with our existing records enables us to update, expand, and analyze our databases, pinpoint new customers, provide marketing services, and deliver more customized advertising, products, and services.

9. Retention of your Personal Data

We may retain the Personal Data we collect, such as the IP address and other information described above, for up to a maximum of 12 months  before we aggregate that data into summary reports.

We store the aggregated summary data (which for example, does not include IP address or other information that may be tied to a particular browser or device) for more than ninety (90) days.

10. Access to your Personal Data

We share the Personal Data with other companies operating in the online advertising industry, for the purposes described in Section 6 of this Privacy Policy.

We may enter data processing agreements with the following categories of data recipients for the indicated purposes below:

Categories of Data Recipients Purposes
Real Time Bidding Platforms
  • Managing advertisement campaigns
Advertisers
  • Retargeting
  • Segmenting
Trackers
Data Management Platforms
Technology Suppliers
  • Performance monitoring 
  • Retargeting
  • Segmenting

11. Where will collected Personal Data be processed?

Whenever we transfer Personal Data out of the EU, EEA, Switzerland & UK we ensure that at least one of the following safeguards is implemented:

  • We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission. 

We may transfer data subject to specific contracts approved by the European Commission, which ensures that Personal Data the same protection it has in Europe regardless of where it is processed (Standard contractual clauses 2021).

12. Your Personal Data Rights

Our advertising technology does not collect any information that directly identifies you as an individual, and instead only collects certain digital identifiers that may identify your device or your Internet browser.

As such, in order for us to give you access to Personal Data connected with your digital identifiers, you will need to provide us with additional information, as explained below, to enable us to locate relevant records.

12.1. Your rights

If you are a resident within the European Economic Area (EEA), UK and Switzerland you will have the following rights: 

  • The right to be informed. You have the right to be informed about how we collect and use your Personal Data, how long we plan to keep that data, and who we will share it with. 
  • The right of Access. You have the right to know exactly what information SMADEX has collected about you, how we are storing and processing that data, and what we are going to do with it. 
  • The right to rectification (correction). You have the right to have incomplete data completed and incorrect data corrected. 
  • The right to erasure. You have the right to have Personal Data permanently deleted. This is also known as the “right to be forgotten.” Please note that this right doesn’t apply if the processing of data that’s subject to an erasure request is necessary to comply with a company’s legal obligations.
  • The right to restrict processing. If you can´t require that we erase your Personal Data, you have the right to restrict our ability to process that data, under certain circumstances.
  • The right to data portability. Individuals have the right to obtain and reuse their Personal Data for their own purposes across different services. Data subjects can request that data controllers send their Personal Data files electronically to third parties. If technically feasible, companies must provide the data in commonly used, machine-readable formats.
  • The right to object. You have the right to object to the processing of your Personal Data in certain circumstances. For example, if an organization uses Personal Data for direct marketing, scientific and historical research, or to perform a task in the public interest. However, we may still process the data to establish or defend legal claims, or if we can demonstrate there are legitimate grounds that override individuals’ interests and rights.
  • The right to not be subject to automated decision making. You have the right to demand human intervention, rather than having important decisions made by algorithms. Companies are required to inform people that they will be subject to algorithmic decision-making and let them know that they can opt out of it.

To exercise any of these individual Privacy Rights, refer to section 11.3 below. 

If you make a Data Subject Rights request as set out in this Privacy Policy, we will provide you with any information we might have concerning your data identifier, including where available transaction logs reflecting where we have used our technology in order to deliver an advertisement to you, and we will follow your instructions concerning the correction, removal and processing of such data.

In addition, you may also opt-out of receiving marketing communications from SMADEX. If you would like to exercise this right, please write to us at the contact details indicated below.

Please note, however, that we have a very short retention period for most files with digital identifiers that we store or process. Therefore, we may not be able to give you any files at all. In these cases, we will inform you that we have not been able to locate any records associated with your digital identifiers.

12.2. If you are a resident of California, you may have the following additional rights with regard to the Personal Data we maintain about you:

Shine the Light California residents are entitled to request and obtain from SMADEX a list of all the third parties to which we have disclosed certain Personal Data
(as defined by California´s Shine the Light Law) during the preceding year for those third parties´ direct marketing purposes.To request this information, please contact us at privacy@smadex.com. In the subject of the email include “California Shine the Light Request” and include your mailing address, state of residence and email address so we can provide a response.
Privacy Rights for California Minors in the Digital World If you are a California resident under the age of 18, and a registered user of our Website, you can request and obtain removal of content or information you have publicly posted. To make such a request, send an email with a detailed description of the specific content or information to privacy@smadex.com

Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.

California Individual Privacy Rights
(California residents can exercise these privacy rights with respect to their Personal Data)
  • Right to Access Personal Data. You have the right to know (i) the categories of Personal Info we have about you; (ii) the categories of sources from which that Personal Data was collected (iii) Our business or commercial purpose for collecting, selling, or sharing your Personal Data (iv) the categories of third parties to whom we disclose Personal Data(v) the specific pieces of Personal Data we have collected about you.
  • Right to Know What Personal Data is Sold or shared and to Whom. You have the right to know what Personal Data of yours is being sold or shared, and with whom. 
  • Right to Deletion: You have the right to request that we delete the Personal Data that we have collected or maintain about you. There may be circumstances under which we will be unable to delete such Personal Data, such as if we need to comply with our legal obligations. 
  • Right to Correct Inaccurate Personal Data. You have the right to request us if we maintain inaccurate Personal Data about you, taking into account the nature of this Personal Data and the purposes of the processing. To such extent, we shall use commercially reasonable efforts to correct the inaccurate Personal Data.
  • Right to Opt Out of Sale or sharing your Personal Data. You have the “right to opt-out” of sale or sharing of your Personal Data. If you do not affirmatively opt out, and you are not a minor (under 16), your Personal Data may be sold as disclosed in this Privacy Policy. You can submit your request to opt out of the sale or sharing of your Personal Data by completing our “California Right to Opt-Out of the Sale or Sharing Personal Data” request form available here.
  • Right to Limit Use and Disclosure of Sensitive Personal Data. You have the right to limit, at any time, the use and disclosure of your sensitive Personal Data, except when we use such Personal Data in a way reasonably expected by an average consumer.
    • For information purposes, “sensitive Personal Data”  includes any private information that divulges any of the following: i) personal identification numbers, including social security, driver’s license, passport, or state ID card number; ii) account or debit or credit card numbers combined with passwords or codes that would enable access to the accounts; iii) a user´s exact geolocation; iv) a user’s racial origin, religious beliefs, or union membership; v) a user’s mail, email, or text message content unless the information was intentionally sent to the business; a user´s consumer’s genetic data, such as DNA simples; vi) the processing of any biometric data to identify a consumer, and vii) Personal Data concerning a user’s health or sexual orientation.
  • Right of No Retaliation. If you choose to exercise any of these rights, Entravision will not discriminate against you in anyway.
Column 1 Value 4 Column 2 Value 4

To exercise your California rights, complete our “California Consumer Request” form available here.

If we are unable to comply with your requests, we will let you know the reason why.

We will take steps to verify your identity before processing your request, which may include requesting information from you to match with information we already have about you. 

12.3 How to make a request

Step 1: Locating your digital identifiers.

For us to locate relevant records, we will need you to provide us with your digital identifiers. You can find your digital identifiers as follows:

  • Web Browsing

As described in this privacy policy, our advertising technology may operate by using text files called “cookies” that are placed on your device. Some of these cookies include a digital identifier. To locate these digital identifiers, you can search through your cookies for the cookies named smxtrack, or smaxtrackid_{{order_id}}, where “order_id” is a number. The text in each of these cookies is a separate digital identifier.

Please keep in mind that different cookies are placed on each browser that you use to access the Internet. As a result, if you use multiple browsers (for example, Google Chrome and Mozilla Firefox), you will need to locate the different cookies for each browser. If you need assistance locating these cookies for your browser, please feel free to email us for assistance at privacy@smadex.com.

  • Mobile Devices

Additionally, certain mobile devices (for example, mobile phones or tablets using the iOS or Android operating systems) generate a persistent “Advertising Identifier” per device, which, among other things, can be used by third parties for purposes of providing you with targeted advertising. On iOS devices, your Advertising Identifier may be referred to as an “IDFA,” “IFA,” or an “ID for Advertising.” On Android devices, your Advertising Identifier may be referred to as an “Advertising ID.” Please follow instructions from your mobile device manufacturer on how to locate your specific Advertising Identifier.

Step 2: Verification of Your digital identifiers

In order to make sure that we are only providing Personal Data to the correct person, we also will need some supporting proof to demonstrate that you are indeed connected to the digital identifiers you located in Step 1. For digital identifiers stored in cookies, please take a screenshot of each cookie, taking care to make sure that the screenshot shows both the name of the cookie and the full digital identifier. For digital identifiers located on a mobile device, please take a screenshot of a screen that displays the digital identifier. Additionally, please sign and send a scanned copy of a statement attesting that the digital identifiers you have locate are indeed associate with you, with a copy of a national ID or passport.

Step 3: Contacting us.

Once you have located your digital identifiers and can provide us with verification concerning them, you should reach out to us. The easiest way to do so would be to email us at privacy@smadex.com. Please make sure to include the following information in your email:

  • Your full name
  • The country in which you are located at the time you are making your request.
  • A full list of your digital identifiers
  • Supporting proof, as described in Step 2
  • A signed statement, as described in Step 2

You can also make a subject access request by mail, by sending a written request with all of the above-listed information to the following address:

Data Protection Officer
SMADEX, S.L.U.
C/ Diputació 303 Primera Planta
08009 Barcelona
Spain

You also have the right to lodge a complaint with our Data Protection Supervisory Authority, the Agencia Española de Protección de Datos (Spanish Agency for Data Protection).

13. How do we protect minors?

We take special consideration to protect the safety and privacy of children. Our Website and our platform is intended for users of all ages except for children under the age of 13 in general in the United States or 16 in the European Union and in the California State. Therefore, such children may not provide any Personal Data to or on the Websites. 

If we learn we have collected or received Personal Data from any subject of the referred ages, we will delete it automatically. 

If you are a parent or a legal guardian and believe your child under 13 in the United States or under 16 in the European Union and in the California has provided us with Personal Data without consent, please contact us at privacy@smadex.com.

14. Use of cookies and other technologies

We use cookies and other standard web technologies to collect information, which include the following:

Technology Purpose of Use
  • “Cookies”: data files that often include a unique identifier and are placed on a visitor’s device or computer.
To operate our technology and collect user information. 

-For more information about cookies, and how to disable cookies, visit 

https://www.allaboutcookies.org 

Using “cookies” we also enable third-party vendors, including Google to serve ads based on someone’s browsing history.

  • “Tags and Pixels”: blocks of code that we and our customers may use to track your navigation of websites or apps using our technology, and your browsing behaviour.
To synchronize information that we have collected with information independently collected by our suppliers, advertisers, and other third parties that are interested in providing you with ads.
  • Other: locally stored objects
to collect user information with the aim of assisting with the delivery of ads and to provide reporting to the advertisers

15. How long is this Privacy Policy updated?

We reserve the right to amend this Privacy Policy at any time to reflect changes to our practices or for other operational, legal or regulatory reasons, which will be posted on this page. Please check this Website periodically for updates.

The date of this Privacy Policy was last revised is identified at the top of the page. 

If we make material changes to how we treat your Personal Data, we will notify you to the e-mail address provided by you or through a notice on the Website home page.  Your continued use of our Website after such amendments will be deemed your acknowledgement and consent of these changes to this Privacy Policy.