Privacy Policy & Website Privacy Policy

PRODUCT AND SERVICES PRIVACY POLICY

zeotap GmbH (“Zeotap,” “us,” “we,” or “our”) is a company that offers the next-generation Customer Data Platform. It empowers brands to unify, enhance and activate customer data in a cookieless future, all while putting consumer privacy and compliance front-and-centre. Our services either solely use Zeotap’s proprietary technology or use its proprietary technology in combination with customer data (“User Data”) received from third parties (“Data Partners”), including but not limited to, customer data unification, identity extension, data onboarding, data matching, data insights, custom audience building, analytics/modelling, audience targeting in web and mobile advertising, and transfer of data into activation systems (including marketing ecosystem partners) (“Services”). Please note that, as mentioned above, our Services are comprised of two types: (i) software products (“Software Products”), as part of which we are using solely Zeotap’s proprietary technology to process and arrange the customer data shared by our Clients (as defined below), and (ii) data products (“Data Products”), as part of which we use User Data either alone or in combination with the customer data shared by our Clients (as defined below). You can learn more about our Products and Services on our website.

Zeotap participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Zeotap’s identification number within the framework is 301.

Our Data Partners are mobile network operators, mobile application providers, media, technology platform providers, owners of media properties (“Publishers”), brands, agencies and others that have access to certain User Data that they wish to monetize by using our Services.

Our clients (“Clients”) are businesses, including brands and agencies (“Advertisers”), Publishers, and other companies that send digital targeted advertising to  consumers. By using our Services, our Clients can address a particular audience and tailor advertisements to the likely interests and preferences of such audience.

We work to ensure that our Services respect users’ privacy rights. To accomplish this goal, we adhere to privacy-by-design and privacy-by-default principles throughout the process of designing, building, and delivering our Services.

By law, we are required to provide you with information regarding:

• how and on what legal basis we use and disclose your personal data;
• how we take care of your privacy rights specific to your personal data;
• how you can reach us in case you have any concerns regarding this privacy policy (“Policy”) or the way we are handling your personal data.

The terms of this Policy apply to all User Data to the extent it contains your personal data as defined in the applicable laws and regulations.

This Policy does not apply to personal data collected by our website zeotap.com. To access our website privacy policy, click here.

This Policy also does not apply to information collected by our Data Partners, Clients or other third parties who may provide personal data to us, as their personal data handling practices are covered by their own privacy policies.

This Policy may change from time to time, so please check back periodically to ensure that you are aware of any changes in our processing of your personal data.

Data categories we receive and use

As part of the Data Products, we receive the following categories of User Data from our Data Partners:

• mobile advertising device IDs such as Apple’s Identifier For Advertisers (IDFA) and Google Android Advertising ID (“Ad IDs”);
• cookie IDs;
• hashed email addresses and hashed telephone numbers;
• demographic information like age, gender, city/region, income, language and mobile contract data such as prepaid/postpaid (“Demographic Data”);
• mobile app usage data about apps installed/accessed on a user’s device and app events and browsing data such as browsing URLs (Uniform Resource Locators) (“App Usage and Browsing Data”);
• purchase data, such as interest in and intent to purchase certain products or services;
• geolocation data
• TC String

We do not receive any ‘special categories of personal data’ (i.e., information about your race, ethnicity, religious or philosophical beliefs, sexual orientation, sex life, political opinions, health, trade union membership, or genetic/biometric data) or, knowingly, any personal data about children under the age of 16.

Our Data Partners may collect data directly from users (both online and offline) or receive data from third parties.

We request that our Data Partners provide users with all required information about the use of their personal data and allow users to exercise their rights according to applicable laws and regulations.

We may also use cookies, pixels and similar tools to collect users’ Ad IDs or cookie IDs ourselves. These tools also automatically collect and send us information such as referral URLs, user agent string, and IP addresses. This information is a normal part of the log file information that is routinely exchanged as part of communication between operating systems.

When we obtain different User Data pertaining to the same device from multiple Data Partners, we aggregate such User Data and store it against the same Ad ID (advertising identifier, associated with a device) or Cookie ID (a string of characters that websites and servers associate with the browser on which the cookie is stored). Zeotap also maintains a separate ID inventory, which connects the User Data into a common ID (“zeoID”) and is an internal pseudonymous identifier.

We enhance User Data to create de-identified data segments and aggregate such segments into segment lists or Ad ID / Cookie ID lists based on our Clients’ preferences. We then share such lists with our Clients to enable them to effectively target the relevant users.

We do not process information that directly identifies a particular individual such as an unencrypted name, address or government-issued ID number. However, whether or not User Data we receive are considered personal or personally identifiable data depends on, among other factors, the definition that applies in a user’s physical location. For example, in some locations, a user’s IP address may be deemed to be personal data, while in others it is not.

We do not interact directly with users or their devices, unless a user sends us a deletion request, as described below under “YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA (INCLUDING OPT-OUT OPTIONS)”

Please note that as part of our Software Products we may receive various additional categories of User Data from our Clients (including directly identifiable data).

Below we describe the User Data categories in more detail.

A. Online identifiers

Advertising IDs

Ad IDs are user-resettable, unique, anonymized identifiers for advertising. Ad IDs identify a specific device and are implemented both on IDFA and Google Android Advertising ID.

We obtain Ad IDs associated with de-identified User Data from our Data Partners. Ad IDs are then used by our Clients to identify advertising requests and to deliver relevant advertisements. We may also use Ad IDs to establish a relationship between different User Data attributes pertaining to the same user. For example, if we obtain User Data that indicates a certain user is between 25 and 30 years old, and later learn from another Data Partner that the user of the same device is interested in a healthy lifestyle, we combine this information against the same Ad IDs or cookie ID.

Cookie IDs

An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply a cookie) is a small piece of data sent from a website and is stored in the user’s web browser while the user is browsing.

We set third party cookies on behalf of Publishers who provide space for the display of advertising within websites. We may use cookies to establish a relationship between devices or data pertaining to the same user. If we already have information about a device’s user, we may link the information stored in cookies to the device’s Ad ID. We call this activity of linking information “mapping.” We use this information to facilitate the delivery of our Clients’ targeted Ads.

B. Browsing data

Log file information

In the course of the mapping activity described in the above paragraph, we receive such information as referral URLs, user agent string, and IP addresses.

When you come to the website where Zeotap cookies are set, the log file we automatically receive includes the referral URL, which is the address of the website that you came from. We do not use and discard referral URLs within a reasonable time in compliance with our data retention period.

We use IP addresses to derive information such as country and carrier. Afterwards, we discard IP addresses within a reasonable time in compliance with our data retention period.

We use user agent string information contained in the log file to determine your device operating system and device model. Afterwards, we discard user agent string within a reasonable time in compliance with our data retention period.

C. Offline identifiers

Hashed email addresses and hashed phone numbers

Some Data Partners or Clients may provide their offline data, such as hashed email addresses and hashed phone numbers. We require that such data are hashed using secure hashing algorithms prior to sharing with Zeotap.

We use hashed emails or hashed phone numbers to establish a relationship between offline and online user profiles pertaining to a certain user and enrich the profiles pertaining to those online users. For example, our Client would like to run an advertising campaign on mobile devices targeting users whose hashed email addresses and/or hashed phone numbers the Client already has. However, without respective Ad IDs, the Client cannot target the desired audience. By comparing hashed email addresses and hashed phone numbers provided by the Client with the User Data we have from our Data Partners, we can match hashed email addresses or hashed phone numbers to Ad IDs corresponding to the same user. As a result, we have a list of Ad IDs corresponding to the list of users the Client would like to target. Additionally, we can also enrich those lists with additional profile data, such as the ones described below.

Hashed emails would also serve as a basis for the creation of ID+, our tokenized individual pseudonymous identifier and specific to a user. You can learn more about ID+ here.

D. Profile data

Demographic data

We may obtain demographic User Data from our Data Partners, such as:

• user demographics (e.g., age or age range and gender);
• general geographic area of the user address and zip code;
• predicted or actual income tier;
• other demographic information that was received or collected by our Data Partners.

Zeotap uses this information to create demographic segments about users, for example, users who are “males, 30 to 34, living in Brooklyn.” We connect segments with Ad IDs so that our Clients can reach their target audiences on mobile devices.

App usage data

We may obtain App Usage and Browsing Data from our Data Partners, such as:

• apps installed/accessed on a user’s device;
• app events such as purchases or sign-ins;
• browsing data such as URLs.

URLs are web addresses, a specific character string that constitutes a reference to a resource. Most web browsers display the URL of a web page above the page in an address bar.

We transform App Usage and Browsing Data into aggregated segments based on interests or purchase intent (such as Sports Enthusiast, Health & Fitness Buffs) which are of interest to our Clients.

Purchase data

We may obtain purchase data from our Data Partners, such as:

• items you have bought in stores;
• items you have bought online;
• items you have put in a shopping basket online.

E. Geolocation data

We may receive data from Data Partners about the physical location of a specific device, including latitude-longitude coordinates obtained through GPS tools, Wi-Fi or cell tower triangulation techniques.

The location data we receive from Data Partners may be generalized, non-precise location data, or we may render the location data non-precise, in order to provide generalized location data to our Clients. Our Clients may use inferences from this information to send localized ads or targeted ads. We do not process precise location EU and UK data.

F. TCF String

A TCF String’s primary purpose is to encapsulate and encode all the information disclosed to a user and the expression of their preferences for their personal data processing under the GDPR. Using a Consent Management Platform (CMP), the information is captured into an encoded and compact HTTP-transferable string. This string enables communication of transparency and consent information to entities, or “vendors”, that process a user’s personal data. Vendors decode a TCF String to determine whether they have the necessary legal bases to process a user’s personal data for their purposes. The concise string data format enables a CMP to persist and retrieve a user’s preferences any time they’re needed as well as transfer that information to any vendors who need it.

For further details, please refer to the IAB Europe policies. 

Legal basis for processing personal data

Our Services enable our Clients to among other things tailor advertising you see on your internet browser or mobile device to your interests and preferences. As a result, the number of ads that are not relevant or of interest to you will be reduced. To achieve this goal, we need to process your personal data. Such processing operations including the use of cookies or other tracking technologies, are covered by your consent, which especially enables our Clients to use customized audience segments to improve and enhance their marketing activities and marketing reach.

Under Data Products, our Data Partners who provide User Data to us collect users’ consent to process their personal data and share it with us according to their respective privacy policies. The consent collected by our Data Partners complies with the applicable laws requirements and enables Zeotap and its Clients processing activities. Any processing of your personal data by Zeotap is subject to your rights of choice and control as explained below. In accordance with the IAB Europe policies, we may process TC Strings. As TCF Vendor, we have conducted and documented a legitimate interest assessment for the processing of TC String. This assessment has shown that data subjects’ interests and fundamental rights do not override the legitimate interests pursued. 

Under Software Products, our Clients are acting as data controllers and are responsible for ensuring that an appropriate legal basis is in place.

Please note that under Data Products, in case we combine our Client data with User Data, our Clients and us act as joint data controllers. With respect to the joint process, we and our Clients jointly determine the purposes and means of processing of User Data. In an agreement on joint controllership pursuant to Article 26 GDPR, we and our Clients have determined how the respective tasks and responsibilities in the processing of personal data are structured and who fulfils which data protection obligations. In particular, it was determined how an appropriate level of security and your rights as a data subject can be ensured, how the information duties under the applicable laws can be fulfilled jointly and how potential data protection incidents can be monitored. This also includes ensuring that reporting and notification obligations are fulfilled.

With whom we share user data

We share User Data with the following categories of third parties for the following purposes:

• Advertisers and Agencies – we share Online Identifiers, Browsing Data, Offline Identifiers, Profile Data and Geolocation for the purposes of targeting, analytics, measurement;
• Publishers and other companies that send targeted advertising to mobile consumers – we share Online Identifiers, Profile Data and Geolocation for the purposes of targeting, analytics, measurement, audience insights;
• Third party data platforms such as Demand Side Platforms (DSPs), Data Management Platforms (DMPs), advertising marketplaces, ad networks etc. (“Data Platform”) – we share Online Identifiers and Profile Data, for the purposes of data activation, targeting, analytics, measurement;
• Ad measurement companies– we share Online Identifiers, Browsing Data, Offline Identifiers, Profile Data and Geolocation for the purposes of analytics, measurement, cookie syncing (i.e we may exchange Online Identifiers and Profile Data to synchronise them with data held by others to help our customers ensure that their online advertising campaigns, which are delivered based on these Online Identifiers, are only shown to the users that are most relevant to them);
• Our hosting provider Google Cloud EMEA Limited (“Hosting Providers”) – we share Online Identifiers, Browsing Data, Offline Identifiers, Profile Data and Geolocation for the purposes of storage;
• Our affiliates – we share Online Identifiers, Browsing Data, Offline Identifiers, Profile Data and Geolocation for the purposes of providing technical support and helping Zeotap operationally perform the Services.

The Advertisers we work with operate in the following businesses: Arts & Entertainment, Automotive, Health & Fitness, Food & Drink, Hobbies & Interests, Home & Garden, News, Finance & Insurance, Science, Pets, Sports, Style & Fashion, Technology & Computing, Tourism & Travel, Real Estate, Shopping, Health & Personal care, Information & Communication Technology (ICT), Energy, Transportation. Agencies we work with include: Dentsu UK Limited and Dentsu affiliate entities.

Publishers we work with include: MediaMond S.p.A., Triboo Media S.r.l., NetAddiction S.r.l., Edizioni Piemme S.p.A., Teads Italia S.r.l., Viralize S.r.l., AdKaora S.r.l., WebAds S.r.l., Instal S.r.l., Smartclip Italia S.r.l., MovingUp S.r.l., ZETA Gestion de Medios, WebAds Interactive SL, VLN Servicios Publicitarios Integrales S.L. (Sunmedia), Blue Media Comunicacion, S.L., RichAudience International SL, Smartclip Hispania SL, Teads S.A.

Data Platforms we work with include: A.C. Nielsen Company Limited, adsquare GmbH, Xandr Inc., Inmobi Ltd., Maiden Marketing PTE Ltd. (d.b.a. POKKT), Amobee Inc., Widespace AB, Google Ireland Ltd., The Trade Desk Inc., Adform A/S, Adobe Systems Inc., TAPTAP Networks S.L., Videology Media Technologies B.V., Teads Italia S.r.l., Teads S.A. (global), Smartclip Italia S.r.l., LiveRamp Inc., TabMo SAS (Hawk), Pocket Math Pte Ltd, Bidstalk Technologies Pte Ltd, Mediasmart Mobile S.L., AppLift GmbH,  salesforce.com  EMEA Limited, Yahoo AdTEch LLC, Meta Platforms Ireland Limited, Narrative I/O Inc., Adex GmbH, Smart Adserver, Lotame Solutions, Inc., Ventes Avenue Pvt Ltd, Neustar Inc., MediaMath, Inc., A.MOB SAS, Oracle, Amazon Europe Core SARL, Twitter International Company, Snap Group Limited, Taboola.com Ltd, Weborama SA, FreeWheel Media Inc, PubMatic Inc, Index Exchange Inc, Platform161 BV, Dynamic Yield GmbH, Permutive Limited, TikTok Technology Limited (Ireland), Braze Inc, Microsoft Corporation, Magnite, Inc., Eyeota Pte Ltd, Neodata Group s.r.l., ID5 Technology Limited

We will also disclose your User Data in response to valid legal processes, for example, in response to a court order, a subpoena or other legal request for information, and/or to comply with applicable legal and regulatory reporting requirements. We also may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or to verify or enforce compliance with the policies governing our products and/or services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. We are required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In addition, we may transfer your information to an entity or individual that acquires, buys, or merges with us, or our affiliates. In these cases, we will require the acquiring company to carry on the material terms of this Policy, including the requests for account deletion.

When we transfer user data internationally

When we share User Data with the recipients described above, such sharing may constitute a transfer to a third country outside of the European Economic Area, for which the European Commission has not determined an adequate level of protection for your personal data. By law, we are required to ensure that the level of protection guaranteed for your personal data by the European and UK laws is not undermined by such transfer. We enter the EU Standard Contractual Clauses with respective User Data recipients, which you can access upon request. Please note that User Data is stored in the following locations: Germany, Belgium and United Kingdom.

How we protect personal data

We have implemented appropriate technical and organizational safeguards to protect any personal data we receive from theft, loss, and unauthorized access. We follow generally accepted standards to protect personal User Data throughout the entire use cycle starting from the initial transfer until deletion. In addition, we limit internal access to your personal data to our employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of a breach where we are legally required to do so.

Your rights with respect to your personal data (including opt-out options)

Your personal data belongs to you. You have the following rights – in part under certain conditions – with respect to your personal data:

• right to request confirmation as to whether or not we process any of your data, and, where that is the case, right of access to your data;
• right to request rectification of inaccurate or incomplete personal data;
• right to request the erasure of your personal data;
• right to restrict processing of your personal data if certain conditions are met, e.g., if you believe the personal data we hold about you is not accurate;
• right to object to us processing your personal data;
• withdraw your consent at any time with effect for the future;
• right to data portability, which only applies, however, if you provided us with your personal data directly.
• Right to lodge a complaint with a supervisory authority : You must exercise this right directly with your local data protection authority. For example, in Germany, you can contact the Berliner Beauftragte für Datenschutz und Informationsfreiheit, whose contact details can be found here : https://www.datenschutz-berlin.de/

How to exercise your rights

To opt-out from the processing or exercise your other rights with respect to your personal data, you can directly contact your mobile operator or another Data Partner with whom you shared your personal data (please refer to their respective privacy policy). It is the responsibility of the respective Data Partner to ensure that your request is fully honoured.

Additionally, you can contact us directly. The data we store is encrypted and stored against either (i) an Ad ID or (ii) a Cookie ID. This means that we need your Ad ID and/or Cookie ID in order to find all your data that are present in our system.

Alternatively, we can check whether the data attribute that you sent us in your request (e.g. a telephone number or e-mail address) is stored in our system in a hashed format, however, if the hashed telephone number or hashed e-mail address is not stored in our system, and you did not provide us with your Ad ID and/or Cookie ID, we will not be able to find other related data that might still be stored in our system.

Therefore, in order to be able to process and respond to your request properly and fully, we provide you with the following different channels to exercise your rights:

1. You can ask for access and/or deletion of your data stored against a Cookie ID, through our website portal
2. You can ask for access and/or deletion of your data stored against an Ad ID, through our proprietary mobile App (“Data Protection Rights App”) that can be downloaded via Google Play and/or the Apple Store
3. You can also submit your requests by completing this form

Apart from all the above rights, you can also lodge a complaint with a supervisory authority if you believe we or our Data Partners infringed upon your rights.

Moreover, you can always use the following mechanism to opt-out from targeted advertising:

• you may select  “Limit Ad Tracking” on iOS or “Opt-out of interest-based ads” on Google Android. In this case, we will keep your User Data until you request us to delete it, but we will not use it for targeted advertising purposes, and activity on your mobile device will be effectively invisible to us. You may reset the Ad ID by selecting the option “Reset Advertising Identifier” on Apple iOS or “Reset Advertising ID” on Google Android. This will delete your current Ad ID from your device and replace it with a new Ad ID. As a result, we will not receive any Bid Requests containing the old Ad ID anymore. After a certain amount of time, we will delete the old Ad IDs and related User Data. However, we may receive access to your new Ad ID and match it with other User Data we might receive from our Data Partners over time.
• you can clear or block our cookies in the settings of your mobile browser. In this case, we will keep your data, but we will not be able to use it to target your device when you are browsing mobile websites. However, regardless of the deletion of cookies, your device can still be targeted when you are using apps on the basis of your Ad ID.
• you may also visit the webpage http://youradchoices.com/appchoices and/or download the mobile AppChoices app. For more information about targeted advertising and opt-out options, you may visit for example the webpage of Network Advertising Initiative’s at http://www.networkadvertising.org/choices and/or Your Online Choices at www.youronlinechoices.com/uk.

Please also note that using the above options does not mean you will block mobile advertising, but it means that the ads you receive will not be personalized for you.

Regarding users from the United States:

This section applies solely to visitors or users who reside in the United States.

• Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioural advertising services) that you do not wish such operators to track certain online activities, over time and across different websites. We do not honour “Do Not Track” signals.
• Under the California Privacy Rights Act (‘CPRA’):
  • Categories of Personal Information : The categories of Personal Information that we collect and/or share are described in the section “2.Data categories we receive and use” of this notice 
  • Purposes: We do share Personal Information for specific business purposes, described in section 4.With whom do we share User Data and for which purposes. 
  • Your rights: you have certain rights regarding the Personal Information that we collect and process about you. This includes the rights to request access or deletion of your Personal Information, as well as the right to submit a request to stop selling or sharing your Personal Information. Please refer to the links and details provided above in section “How to exercise your rights”.
    • DO NOT SELL MY DATA: You have a right to direct us not to sell or share your Personal Information. We do not sell or share the Personal Information of consumers who are under 16 years of age. For more information on how to exercise your rights, please see section “How to exercise your rights”

Information on data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

We retain data until the occurrence of the following events:

• request from a Data Partner to delete certain User Data; or
• the users submit their Ad ID to us for deletion of associated data; or
• expiration of the Zeotap defined retention period with a deletion of unused profiles after 3 months.

Please note that our cookies have the following storage durations:

• zc: Cookie dropped against .zeotap.com domain. Purpose: User identification. Expiry: 365 days
• zsc:  Cookie dropped against .zeotap.com domain. Purpose: Frequency capping for cookie syncing. Expiry: 1-day
• zi:  Cookie dropped against site domain as first-party cookie. Purpose: User Identification. Expiry: 365 days
• idp:  Cookie dropped against site domain as first-party cookie. Purpose: User Identification. Expiry: 365 days
• zuc: Cookie dropped against .zeotap.com domain to store the consent value. Purpose: User Identification. Expiry: 365 days

ZEOTAP.COM WEBSITE PRIVACY POLICY

CLASSIFICATION: PUBLIC

CURRENT VERSION: 7.5

zeotap GmbH (“Zeotap,” “us,” “we,” or “our”) is a company that offers the next-generation Customer Data Platform. It empowers brands to unify, enhance and activate customer data in a cookieless future, all while putting consumer privacy and compliance front-and-centre. For more information about Zeotap’s privacy practices related to our services, please read the Product and Services Privacy Policy.

Zeotap is committed to protecting the privacy of our customers and visitors to our website http://zeotap.com (“Site”). This Privacy Policy (“Policy”) covers how we collect, use, retain, disclose, and transfer your information that may be collected directly from you on the Site and/or  that we collect via acquisition from third-party providers. You may submit information via our contact forms, “Request a Demo” (or similar) online form or if you register for an event, download any content, subscribe to our newsletter or apply for a job position. Some information may also be gathered as you navigate the Site. Whether or not the information we receive is considered personal data depends among other factors on the definition that applies in your physical location. For example, in some locations, your IP address may be deemed to be personal data, while in others it is not. The purpose of this Policy is to explain how your data is used.

By law, we are required to provide you with information regarding how and on what legal basis we use and disclose your personal data, your privacy rights specific to your personal data, and how you can reach us in case you have any concerns regarding this Policy or the way we are handling your data.

This Policy may change from time to time, so please check back periodically to ensure that you are aware of any changes in our processing of your personal data.

1.YOUR PERSONAL DATA, OUR LEGAL BASIS AND PURPOSES TO PROCESS YOUR PERSONAL DATA & STORAGE DURATION

YOUR INTERACTION WITH US	CATEGORIES OF DATA PROCESSED VIA THIS INTERACTION	LEGAL BASIS TO PROCESS YOUR DATA	OUR PURPOSE(S) TO PROCESS YOUR DATA
You visit our website	IP address Date of visit system information your marketing choices	Consent (art. 6.1 a GDPR)	-We may personalise your user’s experience on our website -We may send you personalised advertising about our own products and/or services on third party platforms that you visit.
		Legitimate interest (art. 6.1 f GDPR)	We may improve our existing products and/or services -We may use your data within the context of testing our new products and/or services -We may use you’re your data within the context of internal trainings for our teams -We may use your data to monitor our systems and to defend them against attacks
You sign up for our event(s)	Name Title Email Phone number	Contract (art. 6.1 b GDPR)	We send you the details of the event (e.g date and location, requirements to participate, agenda of the event etc)
You participate our sweepstakes and contests	Name Title Email address Phone number	Contract (art. 6.1 b GDPR)	We collect and share your data with the relevant internal teams responsible for the organization and management of the sweepstakes We reach out to you with the results of such sweepstakes (e.g prize won).
You write us an email	Name Email address	Legitimate interest (art. 6.1 f GDPR)	We collect and share your data with the internal teams responsible for answering your request
You fill in our contact form(s)	name Email address Mobile phone number Job title Company name	Consent (art. 6.1 a GDPR)	We collect and share your data with the relevant internal teams responsible for answering your request
You apply to our job offer(s)	Name Email Phone number Link to Linkedin profile Home location content of your CV	processing the job application (art. 6.1 b GDPR)	We collect and share your data with the internal teams responsible for the job offer to which you applied. We analyse your CV and/or cover letter or any others documents shared with our teams, and may reach out to you within the context of this job offer and in accordance with our recruitment process.
You subscribe to our newsletter(s)	Email address	Consent (art. 6.1 a GDPR)	We send you news and relevant information about our products and/or services
You download any content (e.g white papers) available on our website	name Email address Company name	Consent (art. 6.1 a GDPR)	We send you a copy of the documents that you have requested
You request a demo of our products	name Email address Mobile phone number Job title Company name Country	Consent (art. 6.1 a GDPR)	We reach out to you in order to organize an online meeting and introduce ourselves and our products/services.

We retain this information as long as necessary for our above-mentioned business purposes.

COOKIES AND OTHER TRACKING TECHNOLOGIES

When you visit the Site, we use cookies. A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It allows the website to remember your activities and preferences (such as login, language, font size, and other display preferences). The personal data (as described below) acquired through non-essential cookies used on our Site are processed based on your consent collected via our Consent Management Platform available on every page of our Site. Such consent can be withdrawn at any time via our Consent Management Platform (please find more information below, in the section “HOW TO EXERCISE YOUR RIGHTS”).

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until it reaches its expiry date, or it is deleted by the user before the expiry date; a session cookie, instead, will expire at the end of the user session, when the web browser is closed.

On our Site we use the following cookies:

ESSENTIAL COOKIES

USERCENTRICS

This website uses Usercentrics Consent Management Platform, a service offered by Usercentrics GmbH. In the context of order processing, we transmit personal data (consent data) to Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich, as a processor. Consent data means the following data: Date and time of the visit or consent / refusal, device information. The processing of the data is carried out for the purpose of compliance with legal obligations (obligation to provide evidence pursuant to Art. 7 (1) GDPR) and the associated documentation of consents and thus on the basis of Art. 6 (1) lit. c) GDPR. Local storage is used to store the data.

The consent data is stored for 3 years. The data is stored in the European Union. For more information about the collected data and contact options, please visit https://usercentrics.com/privacy-policy/.

FUNCTIONAL COOKIES

GOOGLE ANALYTICS

This website uses Google Analytics, a service offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google places third-party cookies on your device that are used to analyze the use of our website. We use the information for the site analytics reports and to improve the Site. The cookies collect information in an anonymous form, including the number of visitors, sessions, and campaign data.
For more information, please visit www.google.com/policies/privacy/partners/.

If you wish to enable or disable Google Analytics, please use our Usercentrics Consent Management Platform available on the Site (please find more information below, in the section “HOW TO EXERCISE YOUR RIGHTS”).

RUMvision 

This website utilize RUMvision as an analytical tool on our website to track user experience related to page speed and web performance. This data is collected anonymously through a small snippet of JavaScript code, allowing us to optimize and enhance your browsing experience.

It’s important to note that RUMvision does not collect any personal data such as IP addresses, names, email addresses, or other identifying metrics. However, it may collect information such as device memory, browser, internet speed, and data indicating whether a user is a first-time or returning visitor, or clicking through our site.

This data is collected through LocalStorage and SessionStorage in your browser and is not shared or combined with other parties.

As a tool located in the Netherlands (EU), RUMvision is fully GDPR compliant, and we take your data and privacy seriously. We ensure that your information is protected and that your privacy is always respected.

For more information, please visit rumvisio.com/statement/privacy-policy/ 

If you wish to enable or disable RUMvision, please use our Usercentrics Consent Management Platform available on this website (please find more information in the section “HOW TO EXERCISE YOUR RIGHTS”). 

MARKETING COOKIES

DEALFRONT

This website uses Dealfront, a service offered by Liidio Oy, as part of ECHOBOT GROUP GmbH to analyze visitor behavior. Dealfront places a third-party cookie on your device for the usage of a website visitor tracking software.

The personal data that is collected by or through the use of this cookie is: IP address.       

The purpose of this processing activity is to help us understand which businesses (B2B) are visiting our website, by enriching IPs with associated information such as the company name or industry code as provided by Dealfront. Dealfront     has the following information and may use it in its service: Email address, Employer, Job titles and Public social media handles, links and profile photos. For more information, please visit https://www.dealfront.com/privacy-notice/     

If you wish to enable or disable the Dealfront     cookie please use our Usercentrics Consent Management Platform available on the Site (please find more information below, in the section “HOW TO EXERCISE YOUR RIGHTS”).

HUBSPOT

This website uses Hubspot (Hubspot, Hubspot Essential, Hubspot Forms), a service offered by HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, United States of America. Hubspot places third-party cookies on your device to enable its services related to marketing, content management, web analytics, search engine optimization and creating online forms. In particular, when you visit our website, HubSpot may drop cookies on your device to:

Track Website Usage: HubSpot cookies track your browsing behavior on our website, including pages visited, time spent on each page, and interactions with website elements. This information helps us understand how visitors engage with our content and improve the user experience.

Personalize Content: HubSpot cookies enable us to personalize content and offers based on your interests and browsing history. This allows us to provide relevant and targeted marketing messages to enhance your experience on our website.

Facilitate Marketing Campaigns: HubSpot cookies are used to measure the effectiveness of our marketing campaigns, including email marketing, advertising, and social media efforts. This helps us optimize our marketing strategies and allocate resources efficiently.

Provide Analytics: HubSpot provides us with analytics and insights into website traffic, visitor demographics, and other key metrics. This data helps us make informed decisions about our marketing efforts and website performance.

The personal data that is collected by or through the use of this cookie are: aggregated usage; Browser type; Device identifiers; Device model; Device operating system; Domain name; Files viewed; Frequency of use of mobile application; Geographic location; Internet service provider; IP address; Length of page visit; Mobile application information; OS version; Performance data; Referrer URL; Time of access or retrieval; Where the application was downloaded from; Clickstream data; Events occurring within application; Navigational information; Pages viewed; Subscription Service credentials; Click path; Date and time of visit; User agent data; Company name; Email address; Transaction information; HTML pages; Information from third party sources; Mobile application performance data; Payment information; Usage data; Telephone number; Session duration; Device type; Pages visited; Where the application was downloaded from; Frequency of use of mobile application; Domain name; Contact information. For more information, please visit http://www.hubspot.com /privacy-policy.

If you wish to enable or disable the Hubspot cookies please use our Consent Management Platform available on the Site (please find more information below, in the section “HOW TO EXERCISE YOUR RIGHTS”).

Additionally, you can control and/or delete cookies as you wish – for details, see http://aboutcookies.org . You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work. If you disable your web browser’s ability to accept cookies, you will be able to browse the Site, but will not be able to access or take advantage of all the features and services on the Site.

LINKEDIN

This website uses the LinkedIn Insight Tag, a service offered by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn places a third-party cookie on your device for its tracking and retargeting service. The cookie is used for (i) Analytics; (ii) Retargeting and (iii) Marketing. The personal data collected through this cookie is (i) referrer URL; (ii) IP Address; (iii) Device information; (iv) Browser information and Timestamp. For more information, please visit www.linkedin.com/legal/privacy-policy.

If you wish to enable or disable LinkedIn Insight Tag please use our Consent Management Platform available on the Site (please find more information below, in the section “HOW TO EXERCISE YOUR RIGHTS”).

Salesloft

This website uses Live Website Tracking, a service offered by Salesloft Inc., a Delaware corporation, having its principal place of business at 1180 West Peachtree St NW Suite 2400, Atlanta, GA 30309.

Salesloft places third-party cookies on your device to track your activity and interactions with our web pages in real time. Links sent in emails and clicked by the recipient will trigger the view tracking of our web pages.

The personal data that is collected by or through the use of this cookie are:  URLs/webpages visited and time spent on each URL/webpage

For more information, please visit https://www.salesloft.com/platform-privacy-notice/

If you wish to enable or disable the Salesloft cookies please use our Consent Management Platform available on the Site (please find more information below, in the section “HOW TO EXERCISE YOUR RIGHTS”).

Additionally, you can control and/or delete cookies as you wish – for details, see http://aboutcookies.org . You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work. If you disable your web browser’s ability to accept cookies, you will be able to browse the Site, but will not be able to access or take advantage of all the features and services on the Site.

ZEOTAP GmbH

With your consent, Zeotap may place first-party cookies on your device for its tracking and retargeting purposes. The cookies are used for (i) Analytics; (ii) Retargeting and (iii) Marketing purposes as detailed above in the table. The personal data collected through the cookies are : (i) website event attributes, (ii) user ids (name, email address, phone number), (iii) consent preferences.

List of cookies dropped by Zeotap only with your consent:

• zc: Cookie dropped against .zeotap.com domain. Purpose: User identification. Expiry: 365 days
• zi:  Cookie dropped against site domain as first-party cookie. Purpose: User Identification. Expiry: 365 days
• idp:  Cookie dropped against site domain as first-party cookie. Purpose: User Identification. Expiry: 365 days

If you wish to enable or disable Zeotap pixels please use our Consent Management Platform available on the Site (please find more information below, in the section “HOW TO EXERCISE YOUR RIGHTS”).

 HOW WE SHARE YOUR PERSONAL DATA
We may disclose your personal data in the following cases:

SERVICE PROVIDERS

We may disclose your personal data to third-party vendors who help us operate the Site. These third parties are obligated to comply with applicable data protection laws and applicable regulations.

DISCLOSURE REQUIRED BY LAW

We will disclose your information in response to a valid legal process, for example, in response to a court order, a subpoena, or other legal requests for information, and/or to comply with applicable legal and regulatory reporting requirements. We also may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or to verify or enforce compliance with the policies governing our products and/or services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. We are required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

BUSINESS TRANSITIONS

In addition, we may transfer your information to an entity or individual that acquires, buys, or merges with us, or our affiliates. In these cases, we will require the acquiring company to carry on the material terms of this privacy statement, including the requests for account deletion.

WHEN WE TRANSFER YOUR DATA INTERNATIONALLY

When we share personal data with the recipients described above, such sharing may constitute a transfer to a third country outside of the European Economic Area, for which the European Commission has not determined an adequate level of protection for your personal data. By law, we are required to ensure that the level of protection guaranteed for your personal data by the European and UK laws is not undermined by such transfer. We enter the EU Standard Contractual Clauses with respective data recipients, which you can access upon request.

PROTECTION OF YOUR PERSONAL DATA

We have implemented appropriate physical, technical, and organizational safeguards to protect any personal data from theft, other loss, misuse, and any unauthorized access, copying, collection, use, disclosure, alteration, or destruction. We follow generally accepted standards to protect the personal data throughout the entire use cycle starting from the initial transfer till deletion. In addition, we limit internal access to your personal data to our employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of a breach where we are legally required to do so.

YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA (INCLUDING OPT-OUT OPTIONS)

Your personal data belongs to you. You have the following rights with respect to your personal data:

●      right to request confirmation as to whether or not we process any of your data, and, where that is the case, right of access to your data;

●      right to request rectification of inaccurate personal data;

●      right to request erasure of your personal data;

●      right to restrict processing of your personal data if certain conditions are met, e.g., if you believe the personal data we hold about you is not accurate;

●      right to object to us processing your personal data;

●      withdraw your consent with effect for the future;

●      right to data portability, which only applies, however, if you provided us your personal data directly.

HOW TO EXERCISE YOUR RIGHTS

You may submit your requests to opt-out from the processing or exercise your other rights with respect to your personal data by contacting us, for example by completing this form.

You may opt out of marketing-related emails by clicking on a link at the bottom of each such email. You may continue to receive service-related and other non-marketing emails.

You can also opt out of our Site cookies at any time. Simply click on the blue icon of our permanent Consent Management Platform available on the bottom of every page on the Site .

Apart from the rights described above, you have the right to lodge a complaint with a supervisory data protection authority.

Contact

If you have any questions or suggestions about this Policy and our privacy practices, please contact us here or through the below channels:

By email: 

By post to Zeotap: zeotap GmbH, Privacy Team, Stresemannstraße 123, 10963 Berlin, Germany

By post to our UK representative: zeotap UK Limited, 16 Great Queen Street, Covent Garden, London WC2B 5AH, United Kingdom

By post to our external DPO: ePrivacy GmbH, Prof. Dr. Christoph Bauer, Burchardstrasse 14, 20095 Hamburg, Germany

This Policy was last modified in August 2024.