LAST UPDATED April 6th, 2020
This document describes the role of Kiosked in ensuring data protection and privacy in its business and how we process personal data in our business.
Our Role in Ad Mediation Process
Kiosked is a technology provider enabling ad mediation between publishers and advertisers, i.e. connecting publishers’ online inventory and buyer side demand of advertisers. At its core the Kiosked service is an intermediate technology provider serving both publishers and advertisers to execute optimised ad mediation process through its advanced online advertising technology. Publishers with direct relationships with their users are obligated to collect and manage data subjects’ consent, opt-out and/or any other applicable legal basis to process relevant personal data required to provide Kiosked service.
Kiosked service dynamically creates and connects publishers’ ad inventory offering with advertisers’ demand on Kiosked marketplace in real-time-bidding environment. As an intermediate technology provider Kiosked receives and processes, together with its sub-processors such as hosting partners and advertising networks, necessary personal data of the data subject, in order to be able to execute ad mediation. This data falls roughly into two categories: “HTTP header data” and “clickstream data”. These are managed and processed according to IAB standards on real-time-bidding (RTB) ad mediation. The former data category may include information about browsers and devices of users, device identifiers, cookie information and the IP address from which the device accesses the service. The latter data category refers to the information that the data subject leaves behind while visiting a website and which stored as form of log files.
Kiosked participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Kiosked’s vendor ID is 751.
The General Data Protection Regulation 2016/679 (“GDPR”) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. In the context of the GDPR Kiosked acts as a data processor and processes personal data on behalf of data controllers (publishers, and in some cases advertisers or ad networks). In order to comply with the applicable laws Kiosked enters into a separate Data Processing Agreement (DPA) with the data controllers. Full details on Kiosked Data Processing Policy can be found here: https://kiosked.com/data-processing-policy-dpp/. In some cases Kiosked may become a controller, or a joint-controller of personal data depending on contractual obligations between Kiosked and its advertising network and advertising partners. In such situations we may act as a data controller, and collect and process personal data so that Kiosked can serve its customers and market its products and services. The collection and processing of personal data is always based on legislation, customer or service agreement, the legitimate interest of Kiosked or the consent of the data subject. No sensitive personal data, as defined by the GDPR, will be collected or processed by Kiosked.
The California Consumer Privacy Act (“CCPA”) grants Californian consumers new rights to opt-out of the sale of their personal information. Under the CCPA, the transfer of user data in programmatic advertising may be considered the “sale” of personal information, in which case users must be provided with the opportunity to opt-out. Since Kiosked’s publisher clients have a direct relationship with users, Kiosked will rely on its publisher clients to provide this opt-out opportunity by including a “Do Not Sell My Personal Information” link on their properties. Kiosked is a participant of the IAB CCPA Compliance Framework For Publishers & Technology Companies, and our technology is compliant with both CCPA and GDPR requirements enabling publishers to pass forward appropriate signals of user opt-out (CCPA) and/or consents (GDPR) as applicable. Kiosked strongly encourages its publisher clients to implement an IAB-registered consent management platform and adopt the IAB Consent Framework to comply with the CCPA/GDPR requirements. Kiosked relies on publisher clients to let Kiosked know when users elect to opt-out.
Opting Out of Behavioural Advertising
Kiosked advertising clients and partners may use behavioural elements, such as behavioural advertising to end users, in order to provide more relevant services and content to you. Such customized content may be tailored to you based on data we process on you as a part of our services to our partners.
Some of our advertising clients and partners are members of the Network Advertising Initiative and/or participate in the Digital Advertising Alliance Self-Regulatory Program. Both of them provide opt-out mechanisms for their respective members or participants. You can learn of your rights and your possibility to influence how data on your online activities are processed by going to http://www.networkadvertising.org/managing/opt_out.asp, http://www.aboutads.info/choices/, or http://www.youronlinechoices.eu (if you are located in the European Union). Note that the opt-out websites linked above may not reach all of our advertising partners and certain behaviourally targeted advertising may still be displayed to you in case privacy laws, such as the GDPR or CCPA, do not apply. Also, note that opting out of behavioural advertising does not mean you will no longer receive online advertising. It means that the company from which you have opted out of receiving behavioural advertising will no longer deliver ads tailored to your web behaviour and usage patterns.
Some of our publisher clients have their own opt-out mechanisms that are linked to their sites or their online-posted privacy policies. You should review the privacy policies of those publishers and companies for these opt-out links if you no longer wish to receive targeted advertising from a particular company, or multiple companies.
We will only retain personal information as long as necessary for the fulfilment of Kiosked business purposes, and as permitted by applicable laws. Upon request, we provide more detailed information concerning data storage times.
Cookies and tracking technology in our website
Cookies and tracking technology in our website
We use Google Analytics to track the pages you visit. For more information about this please visit:
Third-Party Service providers
We may employ agents, contractors, and third-party companies and individuals to operate our service and perform related services which allow to perform our obligations under the agreements with publishers and advertisers. These third parties may have access to your personal information and other information collected as set forth above but only to perform these tasks on our behalf and they are obligated not to disclose your personal information or use it for any other purpose.
We may need to disclose or transfer your personal information, in connection with a merger, acquisition, reorganization or sale of our assets or part thereof or of Kiosked. The relevant data controller will be advised of these changes in accordance with our agreements with them and their approval may be required before such disclosure is made.
We take security seriously. Kiosked uses commercially reasonable and industry standard safeguards to preserve the integrity and security of your personal information. We restrict access to personal information to those employees, contractors, and agents who need to know that information in order to process it for us, and who are subject to confidentiality obligations. While Kiosked endeavours to protect the security and integrity of personal, we cannot guarantee to you that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be fully safe from intrusion by others, such as hackers.
Your information may be transferred to, and maintained on computers located outside of your country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction, however, any such transfers shall comply with the agreements with our data controllers. In doing so we will comply with the applicable data protection laws.
Our Policy Towards Children
Our service is not directed to children. We do not knowingly collect personal information from children. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, please contact us. If we become aware that a child has registered for our service and has provided us with personal information, we will delete such information from our files.
Your rights under the data protection legislation
Applicable privacy laws determine your rights regarding your personal data. You have the right to e.g. inspect what information related to you has been stored in our personal data files. You have a right to have personal data, incomplete, incorrect, unnecessary or outdated personal data deleted or updated according to the applicable laws.
To exercise any of the rights provided by the applicable laws you may contact us via email at email@example.com or via mail at Kiosked Oy Ab, Tammasaarenkatu 3 HTC Pinta 2nd Floor, FI-00180 Helsinki, Finland. If you have any questions relating to data protection or data processing of your personal information that are not answered by this document you should primarily turn to the publisher or advertiser who acts as the data controller for your personal information.
If you, as a user, have any questions relating to processing of your personal information in ad mediation process that are not answered by this document you should primarily turn to publishers, and in some cases advertisers or adnetworks, as they primarily control the user data.
If you have any questions regarding this document or Kiosked’s privacy practices including data protection, please contact us via email at firstname.lastname@example.org, or by mail at Kiosked Oy Ab, Tammasaarenkatu 3 HTC Pinta 2nd Floor, FI-00180 Helsinki, Finland.
We seek to swiftly answer your questions and resolve any concerns you may have.
Changes to this document
From time to time we may change this data protection statement. You can tell when changes have been made to this document by referring to the Last Updated legend at the top of this page. Any changes to this data protection statement will become effective when we post the revised document on Kiosked’s website (www.kiosked.com/privacy-policy). If you continue to use the services following any changes to this data protection statement, you accept any such changes we have made.