We respect people’s right to privacy. We therefore want you to be familiar with how we collect, use and share information, and the options available to you. If you have any questions, you may contact our Responsible person Stian Remaad at firstname.lastname@example.org.
First, here are some terms we use and what they mean:
- "Applicable data protection law" shall mean applicable legislation protecting data subjects' right to privacy with respect to the processing of personal data, including but not limited to the GDPR and any local implementation laws.
- "Consent", "Data Subject", "Personal Data", "Personal Data Breach", "Processing", "Supervisory Authority", "Controller", "Processor" and other terms in the GDPR shall have the same meaning as set out in the GDPR.
- "GDPR" shall mean the EU General Data Protection Regulation 2016/679.
- "Publisher Property" means the websites, mobile applications and/or other digital media properties owned or operated by the Controller, using Adnuntius’ Services.
2. Data privacy principles
Adnuntius is committed to protecting your right to privacy, and to Processing data in accordance with its responsibilities under Applicable data protection law. Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without undue delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.”
3. General provisions
This policy applies to all personal data processed by Adnuntius, and shall be reviewed at least annually. The Responsible Person and Data Protection Officer (DPO), Stian Remaad (email@example.com), shall take responsibility for Adnuntius’ ongoing compliance with this policy.
3.1 Data minimization. Adnuntius shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Data collection will be limited to what is necessary for the purposes as they are described in this Data Protection Policy.
3.2 Accuracy. Adnuntius shall take reasonable steps to ensure personal data is accurate. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
3.3 Place of storage. Adnuntius stores all data in data centers located in Germany and in the Netherlands. We shall also ensure that our cloud technology partners provide industry-leading security and compliance with Applicable Data Protection Law, and that we have a data processing agreement in place to ensure their compliancy.
3.4 Security measures. Adnuntius shall have technical and organizational security measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. These measures shall ensure a level of security appropriate to the risk presented to the processing and the nature of the personal data to be protected having regard to the state of the art and the cost of their implementation. Adnuntius shall limit access to the personal data to relevant personnel, and ensure that all personnel authorized to process the personal data have committed themselves to confidentiality.
3.5 Breach. In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, Adnuntius shall without undue delay assess the risk to people’s rights and freedom, and if appropriate, report this breach within the time and place defined in the GDPR regulations;
- Adnuntius will within 72 hours of becoming aware of the breach, report the breach.
- If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, Adnuntius will also inform those individuals without undue delay.
- Adnuntius shall have in place robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority and the affected individuals.
- Adnuntius will also keep a record of any Personal Data breaches, regardless of whether we are required to notify.
4. Provisions specific to individual technologies
Adnuntius gathers data through three systems and/or interfaces.
- Adnuntius.com website: Adnuntius.com is our company website. This site gathers user data enabling us to better understand user behavior, and to retarget our customers with ads based on their visits.
- Adnuntius technology: Adnuntius delivers technologies that enable our customers to gather user data for advertising, analysis and personalization purposes. We use our own and partners’ technologies to deliver this value proposition to our customers.
- Emediate technology: Emediate is a company fully owned by Adnuntius, that offers an advertising platform to customers. Emediate technology enables our customers to target digital ads to users’ preferences.
4.1 Adnuntius.com website
4.1.1 Purpose of processing. Adnuntius.com contains cookies that store data on how you use this site, like for instance what you click on and what content you consume. We also combine data from cookies with anonymous demographic data from other sources to make a user profile. We do this to personalize the user experience, and to show you relevant advertising.
4.1.2 Transparency and control. To gather data as described in point 4.1.1 we need your consent. We will provide you with the tools to decide yourself whether or not you want to share your data with us. When you first visit our website we will present you with these choices, and we will store your choices for your next visit. You may at any time review your personal information, and you may at any time withdraw your consent. If you withdraw your consent then all data will be deleted. You may still use our services, but you will not be able to use services that require personalization. If you want to withdraw your consent you may do so by sending an email to firstname.lastname@example.org.
Adnuntius.com uses two Processors that gather information. Here is more information on these:
- Squarespace is a service that enables us to build and host the Adnuntius.com website in a user friendly fasion. Privacy and cookie policies can be found at https://www.squarespace.com/privacy and https://www.squarespace.com/cookie-policy. You can opt in and out of being tracked here: https://www.youronlinechoices.eu/.
4.2 Adnuntius technology
4.2.1 Purpose of processing, and control. For the Adnuntius platform, we act as a Data Processor, meaning that we process data on behalf of our customers. When you visit one of our customers’ websites, we set cookies on your browser that allows us to fulfill the purpose of processing. Our customers are required by Applicable data protection law to inform you about the information gathered, and where to delete information, or opt out of information to be gathered.
4.2.2 Transparency. Our customers are required by Applicable data protection law to inform you about the information gathered. Nonetheless, we also want to show you exactly what we gather on behalf of our customers. You will therefore be able to find information about all Personal Data, contact persons and sub-processors here: https://docs.google.com/spreadsheets/d/1fZOwQFU0MZhO_ZU5iHPUprBkcb6yzo2TWMTgC_zNGew/edit#gid=0.
4.3 Emediate technology
4.3.1 Purpose of processing, and control. For the Emediate platform, we act as a Data Processor, meaning that we process data on behalf of our customers. When you visit one of our customers’ websites, we set cookies on your browser that allows us to fulfill the purpose of processing. Our customers are required by Applicable data protection law to inform you about the information gathered, and where to delete information, or opt out of information to be gathered.
4.3.2 Transparency. Our customers are required by Applicable data protection law to inform you about the information gathered. Nonetheless, we also want to show you exactly what we gather on behalf of our customers. You will therefore be able to find information about all Personal Data, contact persons and sub-processors here: https://docs.google.com/spreadsheets/d/1M7NYsvOgjsHSLx6Rt-2aSmpLHs-8ytH8HaXlrsuobdU/edit#gid=386694969.