Privacy notice (short version)

Your protection and data confidentiality is of utmost importance to us (“eyeo“, “we“, “our“). The following privacy notice shall provide you with a general overview about the collection, processing and use (hereinafter together referred to as “processing“) of your personal data on our website AcceptableAds.com (hereinafter referred to as “website”). For more information regarding our processing activities, please view our complete Privacy Policy.

 

What kind of personal data do we process?

1. While using our website, by default

  • IP address (stored separately)
  • Date and time of access
  • The URL accessed
  • Browser name / version
  • URL of previously
  • visited webpage
  • Amount of data sent
  • Geolocations
  • Aggregated analytics data

2. When subscribing to a newsletter

  • Automatically:
    • Name
    • Email address
  • Voluntary:
    • Organization
    • Role / title

3. When applying for the Acceptable Ads Committee (AAC)

  • Automatically:
    • Name
    • Title
    • Company or organization’s name
    • Email address
    • Stakeholder group
    • Short description of your application motivation
  • Voluntary:
    • Phone number
    • Additional contact

4. When applying to participate in the Acceptable Ads initiative as a publisher, advertiser, SSP, DSP or other ad tech provider

  • Automatically:
    • First and last name
    • Email address
  • Voluntary:
    • Company name
    • Job title
    • Company website

5. On our social media pages

  • Usage profiles

 

How do we collect data?

List of techniques and tools we use for data collection.

  • Log files
  • Newsletter sign-up
  • form
  • Cookies
  • Application sign-up
  • forms
  • Customer relation management tool
  • Data you provide to us with via social media
  • In connection with our social media pages:
    • Cookies

 

How and why do we process your data?

  • For technical purposes, such as, but not limited to, preventing security attacks, to improve our website and to ensure website security.
  • If requested by you, to inform you about or contact you in connection with our products and / or to send you reports or other information.
  • To analyze aggregated website logs, and for non-EU/EEA users analytics data, to improve our website.
  • In connection with our social media pages, social networks use the data for market research and advertising purposes.

 

What is the legal basis of data processing?

We process your personal data in compliance with the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the applicable EU laws and German national data protection laws.

How long do we keep data?

  • Website logs are stored for 30 days. Note: “Aggregated usage statistics” and data without any connection to single users may be retained beyond these periods.
  • Application data for the AAC:
    • If becoming a member or representative, for a maximum period of one (1) month after resignation.
    • If rejected, for a maximum period of one (1) month after rejection.
  • Application data for participating in the Acceptable Ads initiative:
    • If confirmed, for the duration of your participation in Acceptable Ads, and for a minimum of 10 years after any participation is concluded.
    • If not confirmed, for a maximum period of one (1) year after the last communication.
  • Email addresses for newsletter services for no more than two (2) months after unsubscribing.

 

Our values

We collect as little data as possible. As far as anonymous or pseudonymous use is possible we anonymize or pseudonymize your data.

 

What rights do you have?

In compliance with the GDPR, and the applicable EU laws and German national data protection laws and to the extent legally permitted, you have the right to:

  • Receive information about the personal data processed by us and how we process your data as well as to gain access to such data.
  • Rectify inaccurate personal data and restrict details.
  • Receive all your personal data in a structured, commonly used and machine-readable format, as well as having such data transmitted to another controller.
  • Request erasure of your data, unless such data needs to be retained for legal purposes.
  • Object to the processing of your data.
  • Withdraw your consent at any time, when you have provided us with your consent to the processing of your personal data.
  • Lodge a complaint with the respective supervisory authority.

Questions?

Contact our Data Protection Officer, Dr. Judith Nink, via email or phone.

Privacy policy (long version)

General information about your privacy

The following information applies to the collection, processing and use of personal data in connection with our services, as but not limited to, the Adblock Plus extension, Adblock Browser and on our websites.

  1. General notes
  2. Who is responsible for data collection and processing?
  3. What is personal data?
  4. What is the purpose of data processing and what is the legal basis?
  5. Do we disclose any personal data?
  6. What rights do you have?
  7. Changes to this Privacy Policy
  8. What kind of data do we collect and process, and how?
  9. Privacy notice for California residents

General notes

Your protection and data confidentiality is of utmost importance to us (“eyeo“, “we“, “our“). We take the protection of your personal data very seriously and collect as little data as possible. Nevertheless, collecting data helps our products and websites function correctly, and allows us to communicate with you. Our general privacy policy is to avoid collecting more data than necessary. Collected data is anonymized, if possible, and deleted when no longer needed. This privacy policy shall inform you about the collection, processing and use of your personal data. We gather and use personal data firmly within the provisions of the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the applicable EU Laws and German national data protection laws. In the following text we will inform you about the specific data, the scope and the purpose of the collection and use of personal data by eyeo when using our products and visiting our websites.

For non-EU/EEA users only: Google Analytics

We use Google Analytics, a web analytics service from Google Inc. (“Google”), on our Websites. Google Analytics uses so-called “cookies” (text files stored on your computer that enable us to analyze your use of our Websites). Information generated by the cookies (including your abbreviated IP address) is transmitted to and stored at a Google server in the United States. Google uses this information to assess your use of our Websites, to compile activity reports, and to provide more services connected with the use of our Websites. It is possible that Google may transmit this information to third parties if required by law, or if third parties process this information on behalf of Google.

You can deactivate Google Analytics if you do not want to help us improve our products. But please note that in this case, a cookie will be set that stores your deactivation choice. This cookie is considered a “necessary cookie” and can’t be deactivated.

[Change cookie settings]


For
non-EU/EEA users only: Google Tag Manager

Our Website uses Google Tag Manager for the implementation of Google Analytics. Google Tag Manager, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), is a solution that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated. These tags then may register data under certain deactivated domains or on a cookie level. This setting will remain in place for all tracking tags implemented with Google Tag Manager.

Who is responsible for data collection and processing (contacts)?

The legal person responsible for the collection, processing and / or use of personal data in connection with the website (“Controller“) is:

Controller

eyeo GmbH
Lichtstr. 25
50825 Cologne
Germany

Data Protection Officer

If you have any questions regarding your personal data, please do not hesitate to contact our Data Protection Officer:

Dr. Judith Nink

Phone
+49 (0) 221 / 65028 598
Email
privacy@eyeo.com
Fax
+49 (0) 221 / 65028 599

What is personal data?

The purpose of data protection is to protect personal data. Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This information includes, for example, details such as name, postal address, email address or telephone number, but also nicknames, certificates and information about your interests.

Do we disclose any personal data?

We may only transfer your personal data to third parties without informing you separately beforehand in the following exceptional cases as explained below:

  • If required for legal proceedings/investigations, personal data will be transferred to the criminal investigation authorities and, if appropriate, to injured third parties. We will only do this if there are concrete indications of illegal and/or abusive behavior. We are also legally obliged to give certain public authorities information. These are criminal investigation authorities, public authorities which prosecute administrative offenses entailing fines and the German finance authorities.
  • As part of the further development of our business it may happen that the structure of eyeo GmbH changes. The legal structure may be adapted, subsidiaries, business units or components may be created, bought or sold. In such transactions, customer information may be shared with the transmitted part of the company. In the event of a transfer of personal information, softgarden will ensure that it is done in accordance with this Privacy Policy and the German data protection laws.

We will not transfer your personal data to third parties as a matter of course without letting you know in advance. We will ask for your prior permission unless the transfer of such data is permitted by GDPR or any other applicable EU laws and German national data protection laws.

 

International data transfers

For the following services, we use non-EU/EEA service providers. We have carefully selected these external service providers and review them regularly to ensure that your privacy is preserved. The service providers provide sufficient guarantees to ensure an adequate level of data protection and may only use personal data for the purposes stipulated by us and in accordance with our instructions. We also contractually require service providers to treat your personal data solely in accordance with this Privacy Policy and the European data protection laws:

We use external service provider tools for email (GSuite). These services are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to ensure an adequate level of data protection, we have entered into a data processing agreement including the EU Standard Contractual Clauses (processors) – Commission Decision C(2010)593. You can access a copy of this agreement here.

In addition, we use the customer relation management tool from Copper CRM, Inc., 301 Howard Street #600, San Francisco, California 94105, USA, and the web integration of Copper’s CRM from Zapier, Inc., 548 Market Street #62411, San Francisco, California 94104, USA, for customer relation management and its web integration. In order to ensure an adequate level of data protection, Copper (certificate can be accessed here) participates in the Privacy Shield. We have entered into a data processing agreement with Zapier, Inc. that includes the EU Standard Contractual Clauses (processors) – Commission Decision C(2010)593. You can access a copy of this agreement here.

 

Necessary cookies

eyeo may store cookies in order to provide you with comprehensive features and improved ease of use when navigating our website, or to store your privacy preferences. Cookies are small files that are stored on your computer with the help of your internet browser. The cookies are necessary to provide you with our services, are not evaluated in any other manner, and are never used to track Website visitors. If you do not want to enable cookies, you can opt against using them by selecting the appropriate settings on your browser. Please note that the efficiency and range of our services may be restricted as a result.

What rights do you have?

In compliance with the GDPR and the applicable EU laws and German national data protection laws and to the extent legally permitted, you have the following rights to protect your personal data collected and processed by us:

 

Information, access, rectification and restriction rights

Naturally you have the right to receive, upon request, information about the personal data stored by us about you and information about how we collect, process and store your personal data. Where that is the case, you have the right to gain access to such personal data stored by us. You have the right to request from us the rectification of your inaccurate personal data. Taking into account the purposes of collecting and processing your data, you have the right to have incomplete personal data completed. You have the right to request restriction of processing.

 

Right to data portability

You also have the right (1) to receive all personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format and (2) to transmit that data to another controller.

 

Right to erasure of your data

You have the right to demand from us the erasure of your personal data, where – inter alia – one of the following grounds applies:

  • If we no longer need your personal data for the aforementioned purposes.
  • If you withdraw your consent on which the collection and processing is based and where there are no other legal grounds for the collection and processing.
  • If you object to the collection and processing and there are no overriding legitimate grounds for the collection and processing.

Please note, if data needs to be retained for legal purposes pursuant to Art. 17 (3) GDPR, we will restrict the use of the respective data.

 

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the collection and processing of personal data relating to you infringes the GDPR.

 

Right to object to the processing of your data

You have the right to object at any time to the collection processing of your personal data on grounds relating to your particular situation, when collection and processing is based on our legitimate interest (Art. 6 (1) f GDPR).

 

Right to withdraw your consent at any time

You have the right to withdraw your consent at any time, when you have provided us with your consent to the collection and processing of your personal data for one or more specific purposes.

 

How to exercise your rights

To exercise your rights, please contact us [via email](mailto:privacy@eyeo.com) or mail to:

 

eyeo GmbH
Lichtstr. 25
50825 Cologne
Germany

Changes to this Privacy Policy

This Privacy Policy may be changed from time to time. The respective current version is available at www.acceptableads.com/privacy.

What kind of data do we collect and process, and how?

Website logs (by default)

While using the website, website logs are automatically recorded. Thereby, we collect the following data for technical and security reasons, and to provide you with our services:

  • IP address (stored separately)
  • Date and time of access
  • Browser name / version¹
  • URL of previously visited webpage²
  • Amount of data sent

This data is stored purely for technical reasons and cannot be linked to any individual person. We do not combine the website log data with any other information about you.

 

Data retention

Such website logs are retained for a period of 30 days, after which only the aggregated usage statistics that cannot be connected to a single user remain. Everything else is deleted.

 

  1. For more information, please refer to https://tools.ietf.org/html/rfc7231#section-5.5.3 ↩
  2. For more information, please refer to https://tools.ietf.org/html/rfc7231#section-5.5.2 ↩

 

For non-EU/EEA users only: Google Analytics

We use Google Analytics, a web analytics service from Google Inc. (“Google”), on our Websites. Google Analytics uses so-called “cookies” (text files stored on your computer that enable us to analyze your use of our Websites). Information generated by the cookies (including your abbreviated IP address) is transmitted to and stored at a Google server in the United States. Google uses this information to assess your use of our Websites, to compile activity reports, and to provide more services connected with the use of our Websites. It is possible that Google may transmit this information to third parties if required by law, or if third parties process this information on behalf of Google.

 

You can deactivate Google Analytics if you do not want to help us improve our products. But please note that in this case, a cookie will be set that stores your deactivation choice. This cookie is considered a “necessary cookie” and can’t be deactivated.

 

For non-EU/EEA users only: Google Tag Manager

Our Website uses Google Tag Manager for the implementation of Google Analytics. Google Tag Manager, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), is a solution that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated. These tags then may register data under certain deactivated domains or on a cookie level. This setting will remain in place for all tracking tags implemented with Google Tag Manager.

 

Information you give us on a voluntary basis

You can use the website without providing us with any additional personal data. However, if you want to: receive a newsletter, contact us, apply to the Acceptable Ads Committee, and / or apply as a participant in the Acceptable Ads initiative, we need some further information in order to respond to your: requests, questions or criticism, and /or to evaluate your Acceptable Ads Committee application or to assess whether you are eligible to participate in Acceptable Ads.

 

Newsletter subscription

We provide you with a newsletter service free of charge. We use the newsletter to inform you about new products, updates on our products and to send you general information about eyeo. We need your name and email address in order to send you the newsletter. You can enter your email address at acceptableads.com. We will store and use your email address solely to send you the newsletter. Optionally you can also provide us with the name of your organization and/ role / title.

Each newsletter contains information on how to unsubscribe (right to withdraw your consent) from your subscription at any time with immediate effect.

 

Acceptable Ads Committee application form

If you want to apply to the Acceptable Ads Committee, you must provide us with your name, title, company or organization’s name, your email address, your stakeholder group, and a short description of your motivation as to why you would like to join the Acceptable Ads Committee. This information is necessary to evaluate your application and choose qualified members. Optionally, you can provide us with your phone number as an additional contact. For building up the first Acceptable Ads Committee, we will evaluate your application. At a later stage, the Acceptable Ads Committee members will take over the evaluation of applications. Therefore, we will share the applications with the Acceptable Ads Committee members.

One of the aims of the Acceptable Ads Committee is transparency. According to the Bylaws, the name and company name of applicants to join Member Groups, nominations, resignations, and terminations must be published on the Acceptable Ads Committee webpage. In order to fulfill this purpose, we will publish the following information of approved applicants on the website: name, title, company or organization’s name, and the respective stakeholder group.

 

Acceptable Ads participation application form

If you want to apply to the Acceptable Ads initiative, you must provide your first name, last name, and email address. This information is necessary to in order to contact you. Optionally, you can provide us with your company name, job title, and company website. We only use this data to contact you and to evaluate your application.

 

Data retention

We keep:

  • Newsletter contact data for a maximum period of two (2) months after withdrawing your consent.
  • Acceptable Ads Committee application data for a maximum period of one (1) month after (i) resignation, provided you have joined the Acceptable Ads Committee, or (ii) rejection, provided your application has been rejected.
  • Application data for participating in Acceptable Ads:
    • If confirmed, for the duration of your participation in Acceptable Ads, and for a minimum of 10 years after any participation is concluded.
    • If not confirmed, for a maximum period of one (1) year after the last communication.

 

Our social media presence

In order to communicate with you, and to inform you about our activities and offers on social networks, we are active on LinkedIn. Therefore, we still inform you about the data processing processes in connection with our presence on the respective social network as follows.

 

If you follow our respective online presence on one or more of the social networks used by us, please note that your data may be processed outside the European Union / the European Economic Area. However, all the networks we use have agreed to comply with EU data protection standards within the framework of the EU-U.S. Privacy Shield.

 

The social networks we use also process your data regularly for market research and advertising purposes. Based on your usage behavior and interests, the networks may create usage profiles which are used, for example, to place advertisements corresponding to your potential interests within and outside the networks. For these purposes, cookies, which store your usage behavior and interests, as well as possibly also the devices you use, are regularly stored on your computer.

 

For a detailed overview of the respective processing operations and opt-out options, please visit the website of each social network, listed below. For the assertion of your rights and requests for information, we also refer you to the respective social networks, where you can exercise your rights most effectively. This is because the social networks have access to your data and can therefore directly take appropriate measures and provide you with the respective information:

California Privacy Notice

This section only applies to California residents. It explains how we collect and use Personal Information as well as the rights available to California residents under the California Consumer Protection Act (“CCPA”). The words in this section have the same meaning given to them in the CCPA. Please note that the words as described under the CCPA may be broader than their common meaning.

“Personal Information,” for example, refers to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.

What Personal Information we collect and how we use it

In order to provide you with our products and services (“Products”), we must process certain Personal Information about you. We do not sell any of your Personal Information, and we never will. For a detailed explanation about the kinds of information that we collect and how we use it, please click here. Here is a summary of the CCPA categories of Personal Information that we may have collected about you over the past 12 months:

  • Identifiers;
  • Internet or other electronic network activity information, including information about your browser and your interaction with our website; and
  • Professional information about your organization or your role in that organization.

We may have collected these categories of Personal Information for the following business purposes:

  • To provide customer service and evaluate and improve our Products;
  • To provide limited analytic services;
  • To communicate with you about our Products;
  • To evaluate applications that you submit to us in connection with our Products;
  • To ensure security and functionality of our Products; and
  • To perform other business purposes..

How we share Personal Information

Subject to the limitations in this Privacy Policy, we share your Personal Information with external vendors (“Service Providers”) that are contractually prohibited from retaining, using, or disclosing Personal Information for any purpose other than the specific business purposes described in the contract. These Service Providers include:

  • Service providers that analyze your use of our website and test the accompanying data; and
  • Service providers that facilitate user support and customer relations.

Additionally, we may also share your Personal Information with law enforcement or third parties as necessary to comply with legal requirements.

Sources from which we collect Personal Information
We receive Personal Information from you, your interaction with our website and application forms, and our external service providers. The categories of sources from which we have collected or received Personal Information include:

  • You: We collect information that you volunteer, such as contact information and other information that you provide to us in connection with general inquiries or as part of an application to the Acceptable Ads Initiative and/or the Acceptable Ads Committee.
  • Our Website: We collect information about how you interact with and use our website.
  • Your Application Forms: We collect information that you volunteer in order for us to evaluate your request to participate in the Acceptable Ads Initiative or as a member of the Acceptable Ads Committee. This information may include professional information and your motivation for participating in our programs.
  • Service Providers: We engage vendors to perform business purposes on our behalf and share information with them to provide us with such business purposes including, analytics and user support and relations management.

What are your rights under the CCPA?
The CCPA provides you with the following rights:

  • Right to Know: you have the right to request that we disclose to you the categories of Personal Information that we have collected, the categories of sources from which we have collected the Personal Information, the business purpose for collecting Personal Information, the categories of third parties with whom we have shared Personal Information, and the specific pieces of Personal Information about you that we have collected;
  • Right to Request Deletion: you have the right to request that we delete any Personal Information about you that we have collected; and
  • Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights.

Please note that we have a duty to verify your identity whenever you exercise your Right to Know and/or your Right to Request Deletion. In order to do so, we will request Personal Information from you to match against the Personal Information in our records. In some cases, we may also request additional documentation to verify your identity.

Please also note that the CCPA allows you to exercise these rights yourself or to designate an authorized agent who will exercise these rights on your behalf. In the event that an authorized agent exercises rights on your behalf, we may request a written permission from you that establishes the individual as your authorized agent as well as other information necessary to verify the identity of the authorized agent.

To exercise any of these rights, please submit a request to privacy@eyeo.com.

 

 

Contact for more information

If you have any questions about this section or how to exercise your rights under the CCPA, please contact us.

 

 

November 2020