LAST UPDATED January 25th, 2019
This document describes the role of Kiosked in ensuring data protection and privacy in its business and how we process personal data in our business.
Our Role in Ad Mediation Process
Kiosked is a technology provider enabling ad mediation between publishers and advertisers, i.e. connecting publishers’ online inventory and buyer side demand of advertisers. In its core Kiosked service is an intermediate technology provider serving both publishers and advertisers to execute optimised ad mediation process through its advanced online advertising technology.
Kiosked service dynamically creates and connects publishers’ inventory offering with advertisers’ demand on Kiosked marketplace in real-time-bidding environment. Kiosked acts as a data processor and processes personal data on behalf of data controllers (publishers, and in some cases advertisers or adnetworks). Kiosked enters into a separate data processing agreement (DPA) with the data controllers according to EU data protection laws, e.g. General Data Protection Regulation (GDPR).
In some cases Kiosked may become a controller, or a joint-controller of personal data depending on contractual obligations between Kiosked and its advertising network and advertising partners. In such situations we may act as a data controller. We will in such situations collect and process personal data so that Kiosked can serve its customers and market its products and services. The collection and processing of personal data is always based on legislation, customer or service agreement, the legitimate interest of Kiosked or the consent of the data subject. We are happy to clarify which ground is applied in each situation.
As an intermediate technology provider Kiosked receives and processes, together with its sub-processors such as hosting partners and advertising networks, necessary personal data of the data subject, in order to be able to execute ad mediation. This data falls roughly into two categories: “HTTP header data” and “clickstream data” and it managed and processed according to IAB standards on real-time-bidding (RTB) ad mediation. The former data category may include information about browsers and devices of users, device identifiers, cookie information and the IP address from which the device accesses the service. The latter data category refers to the information that the data subject leaves behind while visiting a website and which stored as form of log files. No sensitive personal data, as defined by the GDPR, will be collected or processed by Kiosked.
Publishers as data controllers are obligated to collect and manage data subjects’ consent and/or a legal basis to process relevant personal data required to provide Kiosked service. To enable optimal performance and effective consent mechanisms Kiosked supports IAB consent framework (https://iabtechlab.com/standards/gdpr-transparency-and-consent-framework/) in its ad mediation data processing.
Opting Out of Behavioural Advertising
Kiosked advertising clients and partners may use behavioural elements, such as behavioural advertising to end users, in order to provide more relevant services and content to you. Such customized content may be tailored to you based on data we process on you as a part of our services to our partners.
Some of our advertising clients and partners are members of the Network Advertising Initiative and/or participate in the Digital Advertising Alliance Self-Regulatory Program. Both of them provide opt-out mechanisms for their respective members or participants. You can learn of your rights and your possibility to influence how data on your online activities are processed by going to http://www.networkadvertising.org/managing/opt_out.asp, http://www.aboutads.info/choices/, or http://www.youronlinechoices.eu (if you are located in the European Union). Note that the opt-out websites linked above may not reach all of our advertising partners and certain behaviourally targeted advertising may still be displayed to you. Also, note that opting out of behavioural advertising does not mean you will no longer receive online advertising. It means that the company from which you have opted out of receiving behavioural advertising will no longer deliver ads tailored to your web behaviour and usage patterns.
Some of our publisher clients have their own opt-out mechanisms that are linked to their sites or their online-posted privacy policies. You should review the privacy policies of those publishers and companies for these opt-out links if you no longer wish to receive targeted advertising from a particular company, or multiple companies.
We will only retain personal information as long as necessary for the fulfilment of those purposes. Upon request, we provide more detailed information concerning data storage times.
Third-Party Service providers
We may employ agents, contractors, and third-party companies and individuals to operate our service and perform related services which allow to perform our obligations under the agreements with publishers and advertisers. These third parties may have access to your personal information and other information collected as set forth above but only to perform these tasks on our behalf and they are obligated not to disclose your personal information or use it for any other purpose.
We may need to disclose or transfer your personal information, in connection with a merger, acquisition, reorganization or sale of our assets or part thereof or of Kiosked. The relevant data controller will be advised of these changes in accordance with our agreements with them and their approval may be required before such disclosure is made.
We take security seriously. Kiosked uses commercially reasonable and industry standard safeguards to preserve the integrity and security of your personal information. We restrict access to personal information to those employees, contractors, and agents who need to know that information in order to process it for us, and who are subject to confidentiality obligations. While Kiosked endeavours to protect the security and integrity of personal, we cannot guarantee to you that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be fully safe from intrusion by others, such as hackers.
Your information may be transferred to, and maintained on, computers located outside of your country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction, however, any such transfers shall comply with the agreements with our data controllers. In doing so we will comply with the applicable data protection laws.
Our Policy Towards Children
Our service is not directed to children. We do not knowingly collect personal information from children. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, please contact us. If we become aware that a child has registered for our service and has provided us with personal information, we will delete such information from our files.
Your rights under the data protection legislation
You have the right to inspect what information related to you has been stored in our personal data files. You have a right to have incomplete, incorrect, unnecessary or outdated personal data deleted or updated according to the applicable laws. If you have any questions relating to our processing of your personal information that are not answered by this document you should primarily turn to the publisher or advertiser who acts as the data controller for your personal information. You can also contact us via e-mail and contact address specified below. In addition to the rights described above you are entitled to make a complaint to the data protection authority, especially in the European Union country where you have your domicile or permanent work place or where the claimed breach of data protection regulation occurred. In Finland this authority is the data protection ombudsman.
If you have any questions relating to our processing of your personal information that are not answered by this document you should primarily turn to publishers, and in some cases advertisers or adnetworks as the data controller. If you have any questions regarding this document or Kiosked’s privacy practices, please contact us or our data protection representative Mr. Timo Saloranta (DPO) via e-mail at firstname.lastname@example.org, or by mail at Kiosked Oy Ab Tammasaarenkatu 3 HTC Pinta 2nd Floor00180 Helsinki, Finland We seek to swiftly answer your questions and resolve any concerns you may have.
Changes to this document
From time to time we may change this data protection statement. You can tell when changes have been made to this document by referring to the Last Updated legend on top of this page. Any changes to this data protection statement will become effective when we post the revised document on Kiosked’s website (www.kiosked.com/privacy-policy). If you continue to use the services following any changes to this data protection statement, you accept any such changes we have made.