Privacy Policy (AcceptableAds.com)

Privacy Notice (short version)

Your protection and data confidentiality is of utmost importance to us ("eyeo", "we", "our"). The following privacy notice shall provide you with a general overview about the collection, processing and use (hereinafter together referred to as "processing") of your personal data on our website AcceptableAds.com (hereinafter referred to as "website"). For more information regarding our processing activities, please view our complete Privacy Policy.

What kind of data do we process?

1. When using our website, by default:

2. When subscribing to a newsletter

Automatically:
Voluntary:

3. When applying for the Acceptable Ads Committee (AAC)

Automatically:
Voluntary:

4. When applying to participate in the Acceptable Ads initiative as a publisher, advertiser, SSP, DSP or other ad tech provider

Automatically:
Voluntary:

5. On our social media pages

How do we collect data?

List of techniques and tools we use for data collection:
Log files
Newsletter subscriptions
Application signup form
Customer relation management tool
Data you provide to us with via social media
In connection with our social media pages:
Cookies

How and why do we process your data?

We process your personal data in compliance with the European General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"), the applicable EU laws and German national data protection laws.

How long do we keep data?

Our values

We collect as little data as possible. If anonymous or pseudonymous use is possible, we will anonymize or pseudonymize your data.

What rights do you have?

In compliance with the GDPR, and the applicable EU laws and German national data protection laws and to the extent legally permitted, you have the right to:
Receive information about your personal data processed by us, how we process your data, and how we obtain such data.
Rectify inaccurate personal data and restrict details.
Receive all your personal data in a structured, commonly used and machine-readable format, as well as having such data transmitted to another controller.
Request erasure of your data, unless such data needs to be retained for legal purposes.
Object to the processing of your data.
Withdraw your consent at any time, when you have provided us with your consent to the processing of your personal data.
Lodge a complaint with the respective supervisory authority.

Questions?

Contact our Data Protection Officer, Dr. Judith Nink, via email or phone.

Privacy Policy (long version)

General information about your privacy

The following information applies to the collection, processing and use of personal data in connection with our services, as but not limited to, the Adblock Plus extension, Adblock Browser and on our websites.

  1. General notes
  2. Who is responsible for data collection and processing?
  3. What is personal data?
  4. What is the purpose of data processing and what is the legal basis?
  5. Do we disclose any personal data?
  6. What rights do you have?
  7. Changes to this Privacy Policy
  8. What kind of data do we collect and process, and how?

General notes

Your protection and data confidentiality is of utmost importance to us ("eyeo", "we", "our"). We take the protection of your personal data very seriously and collect as little data as possible. Nevertheless, collecting data helps our products and websites function correctly, and allows us to communicate with you. Our general Privacy Policy is to avoid collecting more data than necessary. Collected data is anonymized or pseudonymized, if possible, and deleted when no longer needed. This Privacy Policy shall inform you about the collection, processing and use of your personal data. We gather and use personal data firmly within the provisions of the European General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), the applicable EU Laws and German national data protection laws. In the following text, we will inform you about the specific data, the scope, and the purpose of the collection and use of personal data by eyeo when using our products and visiting our websites.

Who is responsible for data collection and processing (contacts)?

The legal person responsible for the collection, processing and / or use of personal data in connection with our websites and products ("Controller") is:

Controller

eyeo GmbH
Lichtstr. 25
50823 Cologne
Germany

Data Protection Officer

If you have any questions regarding your personal data, please do not hesitate to contact our Data Protection Officer:

Dr. Judith Nink
Phone
+49 (0) 221 / 65028 598
Email
email
Fax
+49 (0) 221 / 65028 599

What is personal data?

The purpose of data protection is to protect personal data. Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This information includes, for example, details such as name, postal address, email address or telephone number, but also nicknames, certificates and information about your interests.

What kind of data do we collect and process, and how?

Website logs (by default)

While using the website, we automatically record website logs thereby collecting the following data for technical and for security reasons, and to provide you with our services:
IP address (stored separately)
Date and time of access
Browser name/version1
URL of previously visited webpage2
Amount of data sent

1. For more information, please refer to RFC 7231 Section 5.5.3

2. For more information, please refer to RFC 7231 Section 5.5.2

This data is stored purely for technical reasons and cannot be linked to any individual person. We do not combine the website log data with any other information about you.

Data retention

Such website logs are retained for a period of 30 days, after which only the aggregated usage statistics that cannot be connected to a single user remain. Everything else is deleted.

Information you give to us on a voluntary basis

You can use the website without providing us with any additional personal data. However, if you want to contact us or apply to the Acceptable Ads Committee, we need some further information in order to respond to your requests, questions and criticism, and to evaluate your application to the Acceptable Ads Committee.

Application form

If you want to apply to the Acceptable Ads Committee, you must provide us with your name, title, company or organization's name, your email address, your stakeholder group and a short description of your motivation for wanting to join the Acceptable Ads Committee. This information is necessary to evaluate your applications and choose qualified members. Optionally, you can provide us with your phone number as an additional contact. For building up the first Acceptable Ads Committee, we will evaluate your application. At a later stage, the Acceptable Ads Committee members will take over the evaluation of applications. Therefore, we will share the applications with the Acceptable Ads Committee members. One of the aims of the Acceptable Ads Committee is transparency. According to the Bylaws, name and company name of applications to join Member Groups, nominations, resignations and terminations must be published on the Acceptable Ads Committee website. In order to fulfill this purpose, we will publish the following information of approved applications on the Acceptable Ads website: name, title, company or organization's name, as well as the respective stakeholder group.

Data retention

We keep application data for maximum period of one (1) month after (i) resignation, provided you have joined the Acceptable Ads Committee, or (ii) rejection, provided your application has been rejected.

What is the purpose of data processing and what is the legal basis?

Purpose of data collection and processing

In compliance with Art. 5 (b) GDPR, we collect and process your personal data for specified, explicit and legitimate purposes and do not further process your data in a manner that is incompatible with those purposes.

We collect and process your personal data solely for the following purposes:
1. We collect and process website logs for technical purposes. We mainly collect and process such data to prevent security attacks and are thus able to provide our services to you in a secure and data-efficient manner.
2. We collect and process your personal data relating to Acceptable Ads Committee applications to evaluate and select applicants for the Acceptable Ads Committee.

We collect and process your personal data in compliance with the GDPR and the applicable EU laws and German national data protection laws.

We will always ask for your consent to collect and process your personal data, unless the collection and processing of your personal data is permitted by statutory laws. Where you have provided us with your consent to the collection and processing of your personal data for the aforementioned specific purposes, you have the right to withdraw your consent at any time.

Collection and processing is necessary for taking steps prior to enter into a contract - Art. 6 (1) b GDPR

The collection and processing of your personal data may be necessary for the performance of a contract to which you may be a party. Prior to entering into such a contract, the collection and processing of your personal data may also be necessary in order to take steps at your request. This applies for the evaluation and selection of applicants for the Acceptable Ads Committee.

Collection and processing is necessary for compliance with a legal obligation to which the Controller is subject – Art. 6 (1) c GDPR

Collection and processing of your personal data may be necessary for compliance with a legal obligation to which we are subject under EU laws or the laws of a EU Member State.

Collection and processing is necessary for the purposes of our legitimate interests - Art. 6 (1) f GDPR

The collection and processing of your personal data may be necessary for the purposes of our legitimate interests. We collect and process website logs for technical reasons, such as, but not limited to, preventing denial of service attacks. Denial of service is typically accomplished by flooding the targeted machine or resource with unnecessary requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. Preventing such overloads of our systems and any security issues by denial of service attacks is in your and our vital interest and therefore we use the website logs. Furthermore, we collect and process such data to ensure that our website is constantly improved and adjusted to the changing requirements for an efficient usability and the technical environment. Ensuring the usability of our website is in your and our vital interest and therefore we use such data.

Do we disclose any personal data?

We may only transfer your personal data to third parties without informing you separately beforehand in the following exceptional cases as explained below:
If required for legal proceedings/investigations, personal data will be transferred to the criminal investigation authorities and, if appropriate, to injured third parties. We will only do this if there are concrete indications of illegal and/or abusive behavior. We are also legally obliged to give certain public authorities information. These are criminal investigation authorities, public authorities which prosecute administrative offenses entailing fines and the German finance authorities.
As part of the further development of our business it may happen that the structure of eyeo GmbH changes. The legal structure may be adapted, subsidiaries, business units or components may be created, bought or sold. In such transactions, customer information may be shared with the transmitted part of the company. In the event of a transfer of personal information, softgarden will ensure that it is done in accordance with this Privacy Policy and the German data protection laws.

We will not transfer your personal data to third parties as a matter of course without letting you know in advance. We will ask for your prior permission unless the transfer of such data is permitted by GDPR or any other applicable EU laws and German national data protection laws.

International data transfers

For the following services, we use non-EU/EEA service providers. We have carefully selected these external service providers and review them regularly to ensure that your privacy is preserved. The service providers provide sufficient guarantees to ensure an adequate level of data protection and may only use personal data for the purposes stipulated by us and in accordance with our instructions. We also contractually require service providers to treat your personal data solely in accordance with this Privacy Policy and the European data protection laws:

We use external service provider tools for email (GSuite). These services are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to ensure an adequate level of data protection, we have entered into a data processing agreement including the EU Standard Contractual Clauses (processors) – Commission Decision C(2010)593. You can access a copy of this agreement here.

In addition, we use the customer relation management tool from Copper CRM, Inc., 301 Howard Street #600, San Francisco, California 94105, USA, and the web integration of Copper’s CRM from Zapier, Inc., 548 Market Street #62411, San Francisco, California 94104, USA, for customer relation management and its web integration. In order to ensure an adequate level of data protection, Copper (certificate can be accessed here) participates in the Privacy Shield. We have entered into a data processing agreement with Zapier, Inc. that includes the EU Standard Contractual Clauses (processors) – Commission Decision C(2010)593. You can access a copy of this agreement here.

What rights do you have?

In compliance with the GDPR and the applicable EU laws and German national data protection laws and to the extent legally permitted, you have the following rights to protect your personal data collected and processed by us:

Information, access, rectification and restriction rights

Naturally you have the right to receive, upon request, information about the personal data stored by us about you and information about how we collect, process and store your personal data. Where that is the case, you have the right to gain access to such personal data stored by us. You have the right to request from us the rectification of your inaccurate personal data. Taking into account the purposes of collecting and processing your data, you have the right to have incomplete personal data completed. You have the right to request restriction of processing.

Right to data portability

You also have the right (1) to receive all personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format and (2) to transmit that data to another controller.

Right to erasure of your data

You have the right to demand from us the erasure of your personal data, where – inter alia – one of the following grounds applies:

Please note, if data needs to be retained for legal purposes pursuant to Art. 17 (3) GDPR, we will restrict the use of the respective data.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the collection and processing of personal data relating to you infringes the GDPR.

Right to object to the processing of your data

You have the right to object at any time to the collection processing of your personal data on grounds relating to your particular situation, when collection and processing is based on our legitimate interest (Art. 6 (1) f GDPR).

You have the right to withdraw your consent at any time when you have provided us with your consent to the collection and processing of your personal data for one or more specific purposes.

How to exercise your rights

To exercise your rights, please contact us via email or write to:

eyeo GmbH
Lichtstr. 25
50825 Cologne
Germany

Changes to this Privacy Policy

This Privacy Policy may be changed from time to time. The respective current version is available at: acceptableads.com/privacy.

What kind of data do we collect and process, and how?

Website logs (by default)

While using the website, website logs are automatically recorded. Thereby, we collect the following data for technical and security reasons, and to provide you with our services:
IP address (stored separately)
Date and time of access
Browser name/version1
URL of previously visited webpage2
Amount of data sent

This data is stored purely for technical reasons and cannot be linked to any individual person. We do not combine the website log data with any other information about you.

Data retention

Such website logs are retained for a period of 30 days, after which only the aggregated usage statistics that cannot be connected to a single user remain. Everything else is deleted.


1. For more information, please refer to RFC 7231 Section 5.5.3

2. For more information, please refer to RFC 7231 Section 5.5.2

Information you give us on a voluntary basis

You can use the website without providing us with any additional personal data. However, if you want to: receive a newsletter, contact us, apply to the Acceptable Ads Committee, and / or apply as a participant in the Acceptable Ads initiative, we need some further information in order to respond to your: requests, questions or criticism, and /or to evaluate your Acceptable Ads Committee application or to assess whether you are eligible to participate in Acceptable Ads.

Newsletter subscription

We provide you with a newsletter service free of charge. We use the newsletter to inform you about new products, updates on our products and to send you general information about eyeo. We need your name and email address in order to send you the newsletter. You can enter your email address at acceptableads.com. We will store and use your email address solely to send you the newsletter. Optionally you can also provide us with the name of your organization and/ role / title.

Each newsletter contains information on how to unsubscribe (right to withdraw your consent) from your subscription at any time with immediate effect.

Acceptable Ads Committee application form

If you want to apply to the Acceptable Ads Committee, you must provide us with your name, title, company or organization's name, your email address, your stakeholder group, and a short description of your motivation as to why you would like to join the Acceptable Ads Committee. This information is necessary to evaluate your application and choose qualified members. Optionally, you can provide us with your phone number as an additional contact. For building up the first Acceptable Ads Committee, we will evaluate your application. At a later stage, the Acceptable Ads Committee members will take over the evaluation of applications. Therefore, we will share the applications with the Acceptable Ads Committee members.

One of the aims of the Acceptable Ads Committee is transparency. According to the Bylaws, the name and company name of applicants to join Member Groups, nominations, resignations, and terminations must be published on the Acceptable Ads Committee webpage. In order to fulfill this purpose, we will publish the following information of approved applicants on the website: name, title, company or organization's name, and the respective stakeholder group.

Acceptable Ads participation application form

If you want to apply to the Acceptable Ads initiative, you must provide your first name, last name, and email address. This information is necessary to in order to contact you. Optionally, you can provide us with your company name, job title, and company website. We only use this data to contact you and to evaluate your application.

Data retention

We keep:
Newsletter contact data for a maximum period of two (2) months after withdrawing your consent.
Acceptable Ads Committee application data for a maximum period of one (1) month after (i) resignation, provided you have joined the Acceptable Ads Committee, or (ii) rejection, provided your application has been rejected.
Application data for participating in Acceptable Ads:
If confirmed, for the duration of your participation in Acceptable Ads, and for a minimum of 10 years after any participation is concluded.
If not confirmed, for a maximum period of one (1) year after the last communication.

Our social media presence

In order to communicate with you, and to inform you about our activities and offers on social networks, we are active on LinkedIn. Therefore, we still inform you about the data processing processes in connection with our presence on the respective social network as follows.

If you follow our respective online presence on one or more of the social networks used by us, please note that your data may be processed outside the European Union / the European Economic Area. However, all the networks we use have agreed to comply with EU data protection standards within the framework of the EU-U.S. Privacy Shield.

The social networks we use also process your data regularly for market research and advertising purposes. Based on your usage behavior and interests, the networks may create usage profiles which are used, for example, to place advertisements corresponding to your potential interests within and outside the networks. For these purposes, cookies, which store your usage behavior and interests, as well as possibly also the devices you use, are regularly stored on your computer.

For a detailed overview of the respective processing operations and opt-out options, please visit the website of each social network, listed below. For the assertion of your rights and requests for information, we also refer you to the respective social networks, where you can exercise your rights most effectively. This is because the social networks have access to your data and can therefore directly take appropriate measures and provide you with the respective information:
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov