hurra.com™Privacy policy of hurra.com banner view tracking and RTB technology

Privacy policy of our RTB technologyWhat is privacy policy about?

This Privacy Policy applies to the "OWAPro" Banner View Tracking and real-time bidding (“RTB”) technology created, used, and offered by Hurra Communications GmbH (“hurra.com”) for personalised advertising. This technology is used as a controller, joint controller and processor service of hurra.com and our clients (“advertisers”).

hurra.com participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. hurra.com’s identification number within the framework is 1050. For more information on the IAB TCF please visit https://iabeurope.eu/.

When our technology is used by and on behalf of our clients, these clients are joint controllers with us. In this case, hurra.com is a joint controller in accordance with Article 26 GDPR. For processing related to online identifiers collected on publisher websites hurra.com is controller. As our technology OWAPro may also be used by our agency advertising service clients (including such functionality as tracking, tag management, web analytics, and web controlling). In this case technology is used on behalf of our agency clients or by our clients themselves according to this policy: https://privacy.hurra.com

Data in personlized advertising What data we process

The following personal data categories are processed using OWAPro’s Banner View Tracking and hurra.com RTB technology:

  1. We collect information regarding your browsing history on an advertiser’s website to better understand your interests in the advertiser's products or services. This will help us show you ads that better match your interests. We do it on behalf of an advertiser who is our agency’s client. Thus, we process this data as a processor IAW Art. 28 GDPR and it is not shared across other advertisers and agency clients. For more details see privacy.hurra.com.
  2. While you are visiting a publisher website where we want to display ads to you, we receive certain information in the form of a so-called RTB “bid request” about you and the context of your visit. This is an invitation to take part in the auction where the winner is allowed to display their ad to you. The information from the bid request is provided by our business partner in cooperation with a publisher. It can be used alone or in combination with advertisers data about your interests and helps determine whether a given ad matches your profile and hence the ad can be displayed to you. After the auction is won we use this information to evaluate the performance of our campaigns. We may use this data also for debugging purposes. We process your information as a controller jointly with our advertisers.
  3. Information collected with the delivery (i.e. “banner view” or “impression”) of an ad when an ad of one of our advertisers is shown to you can be used to evaluate the value of the ad impression to the performance of a digital campaign. We collect this information with our banner view pixel by sending an HTTP request on ad impression from your browser to our tracking server. This information is collected jointly with an advertiser.
  4. We may link multiple devices that belong to you if you log in to advertiser’s and our client digital properties (website or app) from these multiple devices. We can do it only on behalf of our customer. If you do not log in we may use information collected from the bid request or our banner view tracking pixel to attempt to link your devices together. Device linking is done to support ad performance measurement and ad selection.

We work with advertisiersWhy do we use joint controllership?

Our clients and hurra.com work closely together when using our RTB technology and banner view tracking services. This also applies to the processing of your personal data. Thus, we have jointly determined the order of the processings of your personal data in each section of processing. Therefore we are so-called joint controllers (Article 26 GDPR) for the protection of your personal data together with the advertiser within the sections of processing described below.

Our data sourcesHow data is collected

hurra.com collects data in the following ways:

  • RTB bid request data / RTB auction bid and win data- we receive this data, when you enter the website of a publisher offering advertising, where we may deliver creative ads (also called “banners”) to you.
  • Banner view tag – a 1x1 image pixel displayed along with a creative ad in the case when we actually deliver a creative ad to you. Thereby we collect data from HTTP requests on impressions of and interactions with our creative ads on publishers’ websites.

Personalized advertisingWhat we do with your data and why we process it

Our technology processes your personal data collected for the purposes of participation in real time bidding auctions for personalised ads display, as well as delivery and measurement for creative ads on publishers’ websites. Therefore following processing activities may be carried out (purpose# based on iab TCF v2.0 specification):

  • storing and/or accessing information on a device (purpose 1),
  • selecting basic ads (purpose 2),
  • selecting personalised ads (purpose 4),
  • measuring ad performance (purpose 7).

Moreover, we may process data to ensure security, prevent fraud, and debug our technology.

Legal...What is the legal basis for data processing?

When storing and/or accessing information on your device we pursue the GDPR valid consent as our legal basis.

The legal basis for the processing of your personal data for the purpose of both personalised and non-personalized advertising (in particular following purposes: select basic ads, select personalised ads) is your consent IAW Art. 6 Para. 1 lit a GDPR, as provided either on the publishers’ or on the advertisers’ websites.

The legal basis for applying for the purpose of measuring ad performance, as well as for the purpose of ensuring security, preventing fraud and debugging is our legitimate interest IAW Art. 6 Para. 1 lit. f GDPR.

All processed data is pseudonymizedWe do not recognize you personally

The personal data we collect, will not allow hurra.com to identify any person in a direct way.

Data retentionHow long do we store your data?

Personal data is deleted or anonymized after 13 months. Anonymized data is stored over the duration of the contract concluded between us (hurra.com) and our advertising clients, and after the contract has expired.

Processing in the European UnionWhere is your data processed by us?

For the EU users, data collection, processing, and storage takes place in our data centers in the EU region. For the users from outside the EU, data collection and processing as well as temporary storage are possible if the data has been transmitted to one of our data centers in the EU. There is no permanent data storage outside the EU.

Our advertising partnersHow third parties may process your data

If your data is shared with a third party, it is done to help advertisers and our clients at the same time determine whether the ad should be displayed to you or not as well as evaluate the performance of their digital campaigns.

We do share with our advertisers all details collected with our banner view tracking pixel, but we do not do it in terms of the RTB auction data. This information is only shared in aggregated form along with information of other publisher website visitors for the purpose of bidding and reporting.

Your other rights as a data subject

  • Right of access
    According to Art. 15 GDPR, you have the right at any time to receive information about the personal data processed and stored about you. To do this, contact our data protection officer by email.
  • Right to correction, deletion and restriction of processing
    According to Art. 16 GDPR, you have the right to request the correction of incorrect personal data relating to you at any time. If the legal requirements are met, you can request the deletion or restriction of processing and object to processing (Art. 17, 18 and 21 GDPR).
  • Right to lodge a complaint with a supervisory authority
    According to Art. 77 of the GDPR, you also have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR and any federal or state-specific data protection regulations. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW), who enables you to submit a complaint online here https://www.baden-wuerttemberg.datenschutz.de/online-beschwerde/

Contact

For further questions on our privacy policy and to execute your data subject rights, please do not hesitate to contact our corporate Data Protection Officer:

Hurra Communications GmbH
Data Protection Officer
Lautenschlagerstraße 23a
70173 Stuttgart
Germany
Email: privacy@hurra.com

Changes to our privacy policy

Technical progress, changes in the law or in our internal processes require adjustments to this privacy policy. We reserve the right to make changes to this privacy policy.

Date of this Privacy Policy: 16th August 2021