Revised and effective on 21 February 2021.
1. Overview and Scope
Knorex and its customers and partners enter into agreements that govern the provision and use of products and services. Customers and partners are responsible for complying with any privacy laws and regulations that require providing notice, disclosure, and/or obtaining consent prior to transferring any personal data to Knorex for processing purposes.
Knorex is a member and active participant of industry associations that promote greater transparency and control for users. As a registered vendor on the Global Vendor List under the IAB Europe Transparency & Consent Framework (TCF), we adhere to the TCF Specifications and Policies and work closely with publishers to meet EU General Data Protection Regulation (GDPR) requirements. Knorex’s identification number within the framework is #325.
2. The Platform Data We Collect
Personal data that can reasonably be used to directly, or indirectly, identify an individual is defined as personal or personally identifiable information under applicable law. Non-personal data does not directly or indirectly reveal an individual’s identity or directly relate to an identified individual (e.g., demographic information, statistics, or aggregated information). If we combine or connect non-personal, technical, or demographic data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal data. When personal data is processed in such a manner that it cannot be attributed to a specific data subject without the use of additional information, it is referred to as “pseudonymous data.” This requires the additional information to be kept separately, together with technical and organizational controls, to ensure that the pseudonymous data is not attributed to an identifiable person.
Our customers and partners submit pseudonymous data that include audience segments by categories of interest, demographic data, and purchase intent data. As this pseudonymous data in the Platform does not directly identify users, the Platform does not contain identifiable personal data. The Platform is designed not to collect any identifiable personal data from our customers and partners. Our customers and partners are also contractually prohibited from transmitting any data that can directly identify an individual to Knorex. Personal data our customers and partners have about individuals outside of the Platform is governed by our customers’ and partners’ own legal requirements, privacy policies ad contracts.
We do not collect sensitive personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, nor do we process genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
The lists of pseudonymous data sent by our customers and partners for personalizing advertisements to users include device information, IP addresses, cookie identifiers, interest-based information stored or used on the Platform by us and our customers and partners, browser and device information, location information based on IP address or latitude/longitude coordinates, and information about ads that are shown.
3. How We Collect The Platform Data
Our Platform receives data from a user’s browser or device through cookies and other technologies (e.g., beacons, tags, mobile device identifiers, pixels). We may automatically collect technical data about your equipment, browsing actions and patterns. We collect this information by using cookies, server logs, and other similar technologies. On our website, we use browser cookies to record and store pseudonymous data related to your navigation of our websites including session information, access and usage preferences and pattern to help identify and track usage of our website to provide for personalization of your navigation on our website, promotion and marketing to you, and also to improve our service delivery to you.
The Platform Data we receive from customers and partners may include bid requests from supply side platform providers, available ad space, device, and user location information and identifiers, and connected TV device information about video content viewed on devices or apps.
4. How We Use The Collected Platform Data
We use Platform Data to provide Services to advertisers and owners of digital properties, and for our own internal business purposes that include compiling statistics about the advertising transactions; analyzing campaign forecasts and conduct machine learning; analyzing and reporting on campaign and ad performance; investigating, protecting against and deterring malicious activity, fake traffic or fraudulent, unauthorized or illegal activity on the Platform and on the internet; and debugging errors in systems.
Our customers and partners use Platform Data to collect, buy, and sell online advertising, and for various advertising-related purposes that include interest-based advertising, frequency capping, showing ads in sequence, geo-targeting, contextual ads, ad measurement, compiling aggregated statistics, and cross-device mapping. Customers and partners own the data that they provide to and get from the Platform. When customers and partners remove data from the Platform, their use of that data is governed by their own privacy policies and applicable laws.
5. Sharing of Platform Data
- Affiliates: We share Platform Data with affiliates in the Knorex group of companies.
- Customers and Other Third-Party Providers: Advertisers and advertising networks that require the data to select and serve relevant ads to you and others:
- We do not disclose data about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users.
- We may also use such aggregate information to help advertisers reach the audience they want to target.
- We may make use of the personal data we have collected to comply with our advertisers’ wishes by displaying their advertisement to the intended audience.
- Customer data processed on our Platform is owned by our customers. We may share this data with other third parties in accordance with customer instructions.
- Some customers and partners receive bid request data through the Platform for advertising purposes.
- Service Providers: We may share Platform Data with our service providers that store or process data in connection with the Services we offer on the Platform on our behalf.
- Business Transfers: We may share Platform Data with a buyer or other successor in the event of merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, where one of the transferred assets is the personal data we hold.
- Legal Rights and Compliance:
- To comply with any court order, law, or legal process, including responding to any government or regulatory request.
- To protect the rights, property, or safety of our business, our employees, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of cybersecurity, fraud protection, and credit risk reduction.
We may share non-personal data without restriction.
6. Your Opt-Out Choices
If you do not want us to use information that we collect or that you provide to us to deliver interest-based advertising (IBA) / online behavioral advertising (OBA), you can opt-out by using these industry opt-out tools. For this opt-out to function, you must have your browser set to accept browser cookies.
To opt out of our cross-device advertising, you must opt out on every device browser and device using the appropriate opt-out methods. You will still receive generic ads from Knorex if you opt out of IBA. To opt out of IBA or cross-device advertising on your mobile device, you can modify or reset the settings on your mobile device by following these instructions.
7. Your Privacy Rights
You can access, review, and change your personal data by logging into the Website and visiting your account profile page. You can also use our web form or email us at email@example.com to request access to, or delete personal data that you have provided to us. We may not accommodate a request to change or delete information if we believe the change or deletion would violate any law or legal requirement:
European Economic Area (“EEA”) residents who have their personal information submitted to Knorex by or on behalf of a Knorex customer should contact the relevant Knorex customer directly to exercise their data protection rights under applicable law. Our legal basis for collecting and using EEA residents’ personal data will depend on the personal data concerned and the specific context in which we collect it. We will normally collect personal data from you where we have your consent to do so, where we need the personal data to fulfill our contractual obligations with you, or where processing is in our legitimate interests and not overridden by your rights. We may also have a legal obligation to collect personal data from you or to protect the vital interests of another person.
California Privacy Rights Notice (California Residents Only)
The California Consumer Privacy Act of 2018 (“CCPA”), effective as of January 1, 2020, requires businesses that collect personal information (personal data) of California residents to make certain disclosures regarding how they collect, use, and disclose such information. The categories of personal information we collect about you and the third parties with whom we share that personal information for a business purpose are described in Sections 2, 3, and 4 above. The CCPA gives California residents the right to make the following requests with regards to certain information we collect about them, at no charge, two times every 12 months:
- Right to request a copy of personal information we collected or disclosed for a business purpose.
- Right to request deletion of personal information we collected, subject to certain exemptions.
- Right to request that we disclose personal information we collect, use, and disclose.
You can submit a copy, deletion, or right-to-know request online by using our web form or by contacting us at firstname.lastname@example.org. Knorex will verify that the information you submit matches our records before we fulfill the request. If you use an authorized agent to submit a rights request on your behalf, we may still contact you to confirm your identity and that this request was submitted with your permission. Knorex does not discriminate against you for exercising your rights or offer you financial incentives related to the use of your personal information.
8. International Data Transfers
9. Data Security and Retention
The security of your personal data is very important to us. We have implemented physical, electronic, and administrative safeguards (based on ISO 27001 industry standards) to protect your personal data from loss, misuse, and unauthorized access, use, alteration, or disclosure. We store all personal data you provide to us behind firewalls on servers employing security protections. Unfortunately, the transmission of information via the internet is not completely secure. We cannot guarantee the security of your personal data transmitted to our Platform. Any transmission of personal data is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Platform.
Knorex limits the retention of pseudonymous data collected on our Platform for up to 13 months, unless otherwise required by law or applicable contract. We retain aggregated and anonymous data from de-identified pseudonymous data indefinitely, to support statistical data modeling and analysis.
11. Contact Information
- 1159 Sonora Court, Suite 122, Sunnyvale, California 94086, United States (for U.S. persons)
- 140 Robinson Road, #01-01 Singapore 068907 (for non-U.S. persons)
Our Global Data Protection Officer can be contacted at: email@example.com.
If you have an unresolved privacy concern that we have not addressed satisfactorily, you may also contact your local data protection authority.