End user privacy policy for Voluum DSP
Last updated: 22.12.2021
This document provides information about our tracking and digital advertising technology platform. Voluum (CentralNic Poland sp. z o.o., with a registered office at ul. Lubicz 17G, 31-503 Kraków, Poland incorporated under the laws of Poland and registered in the companies register of the National Court Register held by District Court Krakow – Srodmiescie in Cracow XI Commercial Division (Sąd Rejonowy dla Krakowa – Śródmieścia w Krakowie XI Wydział Gospodarczy) under (KRS) no. 0000830352, having EU VAT ID: PL5272922087 and the share capital in the amount of 5 000 PLN) owns and develops tracking and digital advertising technology that enables advertisements (also called further ads) to appear within desktop and mobile websites, as well as within mobile applications. The intention of this document is to provide you transparent information how the Voluum Platform runs and how the data is processed, collected, and stored in the platform. We realize that some technical terms might sound complicated to you, so this document presents those terms in simple words as well as explains what the goal of data processing is.
Voluum is firmly committed to protecting the privacy of Internet’s users and fostering users’ confidence in online advertising and marketing. Accordingly, we are committed to observing applicable industry guidelines including those established by the Interactive Advertising Bureau and the General Data Protection Regulation (“GDPR”) by the European Union as well as any other relevant ones. We continue to evaluate enhanced ways to protect Internet users’ privacy while seeking to deliver relevant advertising and custom online experiences to those users on behalf of our customers.
This document outlines Voluum’s End User Privacy Policy and provides you clear notice about the user’s information we may collect and process online in connection with our services. Please note that if you are a California resident (California End user) special provisions of section XII. Additional Notice for California End users apply to you, in accordance with the California Consumer Privacy Act effective from January 1, 2020.
As mentioned above, this document is exclusively addressed to our End users, i.e. users of an Internet connected device, such as visitors to a website, users of a mobile app, or users of an IoT device, or visitors on an advertisement, landing page, or campaign. If you are our customer please check the Privacy Policy document available at https://voluumdsp.com/privacy-policy/.
Our customers use our DSP technology (Voluum DSP available at https://voluumdsp.com/) to execute digital advertising campaigns and our tracking technology (Voluum Tracker available at https://voluum.com/) to monitor, analyze, and optimize the results of digital advertising campaigns. Such operations result in you having indirect (when advertisements are displayed within sites and apps) and direct (when you click any of those advertisements) interactions with our servers.
I. Glossary
- Applicable laws: All the laws and regulations relevant to the collection, processing, and storage of data, especially all the data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”; California Civil Code Section 1798.100 et seq.).
- Ad exchange: This is a platform where people who can offer unsold ad placements meet people who want to buy those placements for their online advertisements. You can think about it as a digital marketplace with a sort of an auction called real-time bidding. However, a buyer can be anybody including other ad exchanges or platforms that sale advertisements to other companies / buyers.
- Ad server: By and large, a server where advertisements are stored, managed, and delivered to you as a website End user. It might also provide a reporting module to check how the advertisements perform.
- Cookie: They are small text files stored locally by a website or ad server. By storing certain information in a cookie, those web browsers or ad servers are able to remember your preferences and recognize websites visited and / or web browser used from one visit to another. To learn more about cookies and how to disable them, visit http://www.allaboutcookies.org.
- Customer: The party who submits an application (on the registration page: https://voluumdsp.com/register/) and uses the Voluum platform.
- Demand Side Platform (DSP): This is a technology used by the buy / demand side through one interface.
- Domain name: It is a character string that helps you to easily go to a website without the necessity of remembering IP addresses. A domain name must be unique for all domain names available on the Internet. It allows you to navigate to a website and discover an online advertisement.
- Do Not Track (DNT): This is an option of the web browser that sends a request to a web application to disable tracking of an individual user.
- End user (visitor): This is a user of an Internet connected device, such as a visitor to a website, a user of a mobile app, or a user of an IoT device, or a visitor on an advertisement, landing page, or campaign.
- Geographic location: This is a piece of information where you are located based on an IP address. Precisely, this is a location of your device that is connected to the Internet and based on that we are able to define a country, region, city, and Internet Service Provider (ISP) your device is connected to.
- HTTP request header: The request header of HyperText Transfer Protocol. The HTTP protocol is used all around the world. Almost all content that shows up in the browser you see is transmitted to your computer (or other device connected to the Internet) over HTTP. For example, when you opened this policy in the browser, many HTTP requests have been sent. Each request contains an HTTP header in which there is information about the browser you use, the requested page, the server and much more.
- HTTP request parameters: The request parameters of HyperText Transfer Protocol are additional pieces of information transmitted from one device to the other that you might see in the address bar of your browser. They are in the form of name=value pairs separated from the URL by a ?. There might be more than one name=value pair, where each of them are separated by an &.
- IP address: An Internet Protocol (IP) address is a set of numbers that each device has assigned to connect with other device over the Internet network. The IP address allows addressing and delivering the information to the right receiver. Every time a piece of information is sent, a device needs to communicate with other devices in a computer network to be able to deliver the message. Sending information in that context means every kind of activity such as surfing, exchanging emails, or downloading an application. The IP address is used to identify the device to which the message is supposed to be sent and find the best way to deliver it.
- Personal information / personal data: Any information relating to an identified or identifiable natural person as defined in Applicable laws, particularly in article 4.1 of GDPR and Section 1798.140 of CCPA.
- Processing: Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (process, processes and processed shall have the same meaning).
- Real-time bidding: Voluum customers who gain access to the Voluum DSP area are able to bid in real time to get the opportunity of showing an online advertisement offered by a certain ad exchange. The winner of the auction is treated as the best candidate from the Voluum DSP side to be able to display the advertisement on a website.
- Referrer domain: In simple words, this is the address of a website that led you, as a visitor, to another page.
- Retargeting: A strategy of online targeted advertising when information is gathered to address visitor’s preferences based on their previous actions / choices. When you, as a visitor, go to one sort of websites, for example because you are looking for a pair of glasses, then the advertisement is displayed in front of you with glasses that you might possibly like.
- Request time: This is the time when a query to the Voluum database is sent. Every time when you click an advertisement, the query request is made, so the Voluum platform is able to store the information about the visit.
- User agent: Information about a device, operating system, web browser is being used to access a website.
- You (visitor): A person who can visit digital advertising campaigns on the Internet.
II. What is Voluum?
Voluum is a cloud-hosted analytics solution, designed for performance marketers and self-serve advertisers to track the progress and profitability of their online campaigns. In other words, the Voluum platform enables our customers to make their online campaigns more efficient and profitable by analyzing the ad-related data and then, optimizing the campaign by addressing them in the most effective way. Thus, our customers collect different kinds of data about visitors’ activities on the Internet to reach the right audience and increase the performance of their online campaigns.
Voluum collects data about different activities of online visitors to allow its customers to address ads to the right audience and display more relevant advertisements on websites. Those visitors are Internet users who surf through the websites, send emails, communicate on social media and see those ads appearing in the content. To display the advertisement at the right time and in the right context, Voluum processes the collected data to measure the ad effectiveness and coverage. All kinds of data are gathered for statistical and reporting purposes and processed collectively as records of certain information to produce a meaningful approach while running an online campaign.
In the next sections, you can find out what information is stored in Voluum and how it relates to your activities as a visitor.
III. Voluum’s Role in Processing Personal Information
While our customers use Voluum Tracker, we act as a customer’s data processor meaning that we process End user’s personal data on behalf of our customer under customer’s instructions under Voluum Tracker Data Processing Agreement.
While our customers use Voluum DSP, the data controller of End user’ personal information is CentralNic Poland sp. z o.o., with a registered office at ul. Lubicz 17G, 31-503 Kraków, Poland incorporated under the laws of Poland and registered in the companies register of the National Court Register held by District Court Krakow – Srodmiescie in Cracow XI Commercial Division (Sąd Rejonowy dla Krakowa – Śródmieścia w Krakowie XI Wydział Gospodarczy) under (KRS) no. 0000830352, having EU VAT ID: PL5272922087 and the share capital in the amount of 5 000 PLN, further referred to as “Voluum”.
In order to legally process End user’s personal data when we act as a data controller for Voluum DSP, we rely on a legal basis listed in the VII. Legal Basis for Processing User Information section.
IV. What Kind of Data Do We Collect and For What Purposes?
In order to perform our services, we are intent on collecting and processing certain information about you and your device. Some of this information (including, for example, your IP addresses and certain unique device identifiers) may identify a particular computer or device and be considered as personal data in some jurisdictions, including the European Union and State of California. . This kind of data enables us to provide aggregated reporting and analysis of the performance of our customer’s advertising campaigns.
The Voluum platform does not collect any data which by itself identifies an individual such as a name, address, phone number, email address.
We also do not collect any “sensitive” or “special categories of personal data” as defined under the European data protection laws as well as personal data of children as defined in Applicable laws.
IP Address
An IP address is used to identify the device’s location as well as, to some extent, user’s location. Based on the IP address visitor’s country, region, city can be characterized and stored in the Voluum platform. Moreover, some more technical specifications are processed such as Internet Service Provider (ISP) or mobile carrier and what type of the connection you use. This data is stored to adjust the online advertisements that are displayed on websites and identify automatic computer programs that might affect our customers’ reporting.
In addition, the IP address is used to limit the number of times a visitor is exposed to a single advertisement.
User Agent
A user agent helps us to identify what kind of a device a visitor uses (TV, desktop, table, mobile phone) and which model it is. Even more, this piece of information is stored to establish device’s parameters such as browser and browser version, operating system, and operating system version. It also allows us to detect the automatic computer programs and fraud attempts.
Additionally, the user agent is used to limit the number of times a visitor is exposed to a single advertisement.
HTTP Request Header
Information from HTTP request headers is used to determine a visitor’s language and referrer domain. That data is then used to present an appropriate advertisement to the End user. It is also stored for analytical purposes.
HTTP Request Parameters
The HTTP request parameters are used to transfer information from third-party services to the Voluum platform and the other way round. Based on that, the Voluum customers are able to find target audiences more effectively and message through appropriate channels. It is also stored for analytical purposes.
Device ID
A device ID is a unique identifier used to accurately measure actions taken by a specific device. It plays a role in personalization, distribution, and performance of the traffic sent to a visitor. The ID enables us to do cross-device matching meaning that the advertisement will be displayed only on one device that belongs to a particular user. It means that if you are an owner of more than one devices connected to the Internet, the IDs of those devices can help us to identify you, determine which advertisement was displayed on which device, and eliminate ad display repetitions for you.
Request Time
This is an exact date and time of interaction with Voluum servers. It is used to present an appropriate advertisement to the End user. It is also stored for analytical purposes.
Unique Identifier (UID)
A unique identifier generated by the platform enables us to match registered events and control the frequency of those events in Voluum.
Note that our publisher partners may share with us additional demographic information, such as age or gender, in order to enable more accurate targeting. We do not use this information to maintain any kind of persistent user’s profile database.
V. How Do We Collect Data?
The Voluum platform uses cookies, mobile SDKs, and in some cases non-cookie technologies, to collect data associated with particular web browsers or devices that you, as a visitor, use.
Voluum uses both types of cookies: session cookies and persistent cookies. Those cookies are used not only to follow visitor’s activities, but also to improve visitor’s experience while surfing through the Internet websites. For example, they are used to identify how many times you have already seen an advertisement, so they allow to differentiate the content of the ad as well as adjust the offer to your current potential needs. Session cookies does not remain after closing a web browser and does not store any information afterward. Persistent cookies are stored locally on your device and may be used by your web browser on subsequent visits to any website. They are used to remember your preferences and personalize the ad content.
In the tracking part of the advertising platform, we also use non-cookie technology such as pixels to set up the communication between your web browser and a server.
Voluum Tracker
In the tracking part of the Voluum platform the following technology is used to gather the data:
- Impression cookie: Some of our customers are only interested in displaying advertisements on websites, so the ads might be noticed by an End user. This type of advertising refers to impressions or ad views. The cookie helps us to monitor this type of activities. It is a session cookie, so it exists as long as your session lasts in your web browser.
- Conversion cookie: This is a cookie that allows to combine a display of an advertisement with a visitor’s actions that happen for a particular offer afterwards. Our customers may define what kind of an action the visitor should take upon to call the ad display successful. For example, they may offer a promotion of an app subscription – every time a visitor subscribes to a particular system, that action is registered as a successful event in the Voluum platform. The cookie allows us to define wether the action happened or not for a particular visitor. That record allows us to measure visitor’s behavior and personalize the ads displayed on websites. It expires after 365 days.
- Lander cookie: This is a cookie associated with a visit on a displayed advertisement. It stores different pieces of information about the visit itself as well as other parameters such as a web browser type, web browser version, device ID. This data is only used for statistical and reporting purposes in the Voluum platform. It expires after one day.
- Unique session cookie: It is used to detect whether a visit is the first visit of a visitor for a particular advertisement or not. It is a session cookie, so it exists as long as your session lasts in your web browser.
- Opt-out cookie: This a cookie that is used for the opt-out option for Voluum Tracker. It gives us information that you do not want to be tracked with desktop and mobile environments. It expires after at least 2 years.
- Tracking pixel: This is an invisible, very small (1 x 1) pixel tag that our customer can put on a website. When you as a visitor open a website where the tracking pixel is placed, the information is sent to Voluum. Pixel tags are used in combination with cookies to track user’s activities while surfing through websites by a particular browser on a particular device.
Voluum DSP
In the digital advertising, the data is collected using the following cookies:
- Sync cookie: This is a unique number that will be assigned to you as a visitor when an advertisement shows up in a website for the first time. The cookie stores the information to inform us that you have seen a certain set of advertisements before, so we may vary them not to overload you with the same content all the time. Shortly, it enhances the advertisement selection. It expires after 30 days.
- Opt-out cookie: This a cookie that is used for the opt-out option for Voluum DSP. It gives us information that you do not want to be tracked with desktop and mobile environments. It expires after at least 2 years.
VI. For What Purposes We Use End User Data?
The data collected and stored in the Voluum platform is used to increase the ad relevance and adjust the ad display to the changing needs of the ad visitor. Particularly, the Voluum data is used for:
Cross-Device Matching
To identify to how many devices a visitor is associated with to cut off ad display repetitions.
Fraud Detection
To monitor the quality of traffic for our customers and blacklist those sources that generate fake visits / clicks.
Frequency Capping
To limit the number of times a visitor is exposed to a single advertisement.
Reporting, Analysis, and Optimization
To measure the effectiveness of online ad campaigns what helps to address the advertisements to right audiences and based on the collected data improve the performance of the campaigns. Briefly, to determine how visitors respond to advertisements they see on the Internet.
Retargeting
To allow the Voluum’s customers to address visitor’s preferences based on their previous actions / choices.
VII. Legal Basis for Processing User Information
If you are a European Union End user or GDPR applies to you under the Applicable Law, our legal basis for collecting and using the End user’s information described above will depend on the user’s information concerned and the specific context in which we collect it.
We rely on your consent when we process your personal data in order to deliver End users targeted advertising and use cookies technology in connection with an End user’s device. If we rely on consent to collect and / or process End user’s information, we will obtain such consent in compliance with applicable laws.
We may also use the End user’s personal data because of our legitimate interests to:
- Operate and improve our technology
- Enable standard advertising controls
- Prepare reports that summarize visitor’s activity
- Analyze and report on the advertisement’s performance (such as tracking views of ad as well as click-through rates on ads), campaign reporting, and campaign forecasting
- Protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
If you have questions about or need further information concerning the legal basis on which we collect and use of this data, please contact us using the contact details provided under the Contact us section.
VIII. How Long Do We Store Data?
The collected data is stored using generally accepted security standards. The data retention in the Voluum platform is 24 months starting from the day of the account registration. This data is used for reporting and analysis. When a customer removes their data from Voluum, their storage and retention of data is governed by the Privacy Policy and applicable regulations. The process of removing the collected data from the Voluum platform might take up to 1 month.
IX. Your Choices and the Opt-Out Option
The opt-out option is applicable for End users who see an online advertisement set by a customer. Visitors of advertisements that are a part of digital advertising (Voluum DSP) may choose either the opt-out or Do Not Track option. How to proceed when choosing the Do Not Track option is described in the next section.
If you wish to opt out of being tracked with desktop and mobile website environments from the Voluum platform, you should use the opt-out option. The Voluum platform only processes data collected by its customers meaning that the Voluum customers are obliged to deliver the opt-out option and make it accessible to you as a visitor to an online advertisement. Voluum makes every effort to support its customers to provide such a solution for you, thus you can find below procedures how to make a request to opt out of being tracked.
The Opt-Out Option for Tracking Advertising (Voluum Tracker)
The generic solution of the opt out option offered by the Voluum Tracker is available under the following link:
http://Voluum_customer_domain_name.com/opt-out
where:
Voluum_customer_domain_name is a name of the domain assigned to the Voluum customer.
Because the domain name is set by each customer individually, you need to get in touch with the customer of the online advertisement to find out the correct domain name under which the online advertisement is set. Once the Voluum customer replies with the domain name, you can provide the link in an address bar in your web browser to be able to opt out.
Opting out of being tracked with desktop and mobile website environments from the tracking advertising part of the Voluum platform is valid for at least 2 years for a web browser where the opt-out option has been set. The option can be enabled only for a particular web browser meaning that if you switch to other web browsers, clear cookies, or use a browser’s incognito mode, you need to go through the opt-out procedure once more. When the opt-out option expires, you need to repeat the same procedure to turn it on again.
The Opt-Out Option for Digital Advertising (Voluum DSP)
If you wish to opt out of being tracked with desktop and mobile website environments from Voluum DSP, please click here (third-party cookies should be enabled).
Desktop Website Environments
If you wish to opt out of being tracked with desktop website environments, follow the steps:
(Google Chrome web browser, version 66.0.3359.139, official build)
- From your web browser, select Menu (3 bars at top right of window).
- Select Settings and then scroll down to Advanced. Expand the Advanced section.
- In Privacy and security, select Content Settings > Cookies.
- Turn on the Block third-party cookies toggle.
(Safari web browser, version 11.1 (13605.1.33.1.4))
- From the main menu in your web browser, select Safari > Preferences.
- Go to Privacy and then select the Block all cookies checkbox.
- Confirm your choice by clicking the Block All button.
Mobile Website Environments
If you wish to opt out of being tracked within mobile website environments, follow the steps:
(Android 7.1.2; Google Chrome web browser, version 66.0.3359.158, official build)
- From your web browser, tap Menu (3 bars at top right of window).
- Tap Settings and then swipe down to the Advanced section. Tap the Site settings option.
- Tap Cookies.
- Unselect the Allow third-party cookies option.
(iOS 11.1.1; Safari web browser)
- Go to Settings on your mobile device.
- Tap Settings > Privacy.
- Swipe down to tap the Advertising section.
- Toggle on the Limit Ad Tracking option.
Opting out of being tracked with desktop and mobile website environments from the digital advertising part of the Voluum platform is valid for at least 2 years for a web browser where the opt-out option has been set. The option can be enabled only for a particular web browser meaning that if you switch to start using other web browser, you need to go through the opt-out procedure once more. When the opt-out option expires, you need to repeat the same procedure to turn it on again.
The Do Not Track Option
If you wish to opt out of being tracked with desktop and mobile website environments from the digital advertising part of the Voluum platform (Voluum DSP), you may use the Do Not Track option. This option does not work for the tracking part of the Voluum platform, Voluum Tracker.
Desktop Website Environments
If you wish to turn on the Do Not Track (DNT) option in your web browser for you desktop website environment, follow the steps:
(Google Chrome web browser, version 66.0.3359.139, official build)
- From your web browser, select Menu (3 bars at top right of window).
- Select Settings and then scroll down to Advanced. Expand the Advanced section.
- In Privacy and security, find Send a “Do Not Track” request with your browsing traffic. Turn on the toggle.
- Click Confirm to activate the Do Not Track option in your web browser.
(Safari web browser, version 11.1 (13605.1.33.1.4))
- From the main menu in your web browser, select Safari > Preferences.
- Select Privacy and then Ask websites not to track me.
Mobile Website Environments
If you wish to turn on the Do Not Track (DNT) option in your web browser for you mobile website environment, follow the steps:
(Android 7.1.2; Google Chrome web browser, version 66.0.3359.158, official build)
- From your web browser, tap Menu (3 bars at top right of window).
- Tap Settings and then swipe down to the Advanced section. Find and then, tap the Privacy option.
- Tap “Do Not Track”.
- Toggle the “Do Not Track” option to On.
(iOS 11.1.1; Safari web browser)
- Go to Settings on your mobile device.
- Tap Safari and then swipe down to the Ask Websites Not To Track Me option.
- Toggle on the Ask Websites Not To Track Me option.
X. European Data Subject Rights
If you are a European Union End user or GDPR applies to you under the Applicable Law, you have certain rights and protections under the law regarding the collection, processing, and use of information about you. In particular, you have the right to:
- To request an access and obtain a copy of your data.
- To request a rectification (correct or complete information about you) or erasure (it is sometimes called ‘the right to be forgotten’ that applies in some circumstances).
- To restrict the processing End user information.
- If applicable, to the data portability.
In certain circumstances, you may also have the right to object to the processing of End user’s information when personal data is processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes.
If you have given us your consent to process your data, you have the right to withdraw your consent. The withdrawal of consent does not affect the compliance of the processing which was made on its basis before the withdrawal of consent.
You have also the right to lodge a complaint with the Supervisory Authority in particular if you feel that Voluum has not responded to your requests to solve a problem.
If you would like to exercise any of these rights, please contact our data protection officer: [email protected]. Please include information that will enable us to verify your identity within your request.
In addition, you may also use our opt-out functionality described in point IX. Your Choices and Opt Out Option.
XI. Information Transferred from Third-Party Services (Voluum DSP only)
This policy does apply only to usage of the data by the Voluum platform and does not explain the practices of other third-party advertisers or advertising networks. We do not control the privacy practices of such third parties, and you are obliged to get familiar with the privacy policies of those third parties when you use their services. We provide a full list of all advertising networks as well as links to the privacy policies that are published on their websites:
- AdColony, Inc. Privacy Policy
- Adnow.com Privacy Policy
- AdUnity Privacy Policy
- Adventure Alternative Policies
- ADYOULIKE Privacy Policy
- AerServ LLC Privacy Policy
- AppNexus Platform Privacy
- Axonix Ltd Privacy Policy
- Beachfront Media, LLC
- BIDSWITCH Privacy Notice
- Bidtellect, Inc. Privacy Policy
- British Virgin Islands Company, an exclusive agent of Revmob, Privacy Policy
- Cox Media Group, Gamut, Privacy Policy
- Engageya Privacy Policy
- ENVISIONX Ltd Privacy Policy
- Fyber Group Privacy Policy
- glispa Privacy Policy
- Inneractive: Fyber Group Privacy Policy
- ironSource Ltd. Privacy Policy
- Ligatus GmbH, Christophstraße 19, 50670 Cologne, Germany Privacy Policy
- LiveIntent Services Privacy Policy
- MADS Mobile-First Advertising Platform
- MGID Privacy Policy
- Mobfox Privacy Policy
- MoPub Privacy Policy
- Native Ads Privacy Policy
- Nativo, Inc., a Delaware corporation Privacy Policy
- Oath Privacy International
- OpenX Software Ltd. Privacy Policy
- Outbrain Privacy Policy
- Playtem Terms and Conditions (French)
- Polymorph Labs, Inc. Privacy Policy
- PubMatic, Inc. Privacy Policy
- PubNative GmbH, Greifswalder Str. 212, 10405 Berlin Privacy Policy
- PulsePoint, Inc. Ad Exchange Privacy Policy
- Purch Group, Inc. Privacy Policy
- PowerInbox Privacy Policy
- Quantum
- Revcontent Privacy Policy
- RhythmOne Privacy Policy
- Rubicon Project Consumer Online Profile and Opt Out
- Sharethrough Privacy Policy
- Smaato, Inc. Privacy Policy
- Smart AdServer Policy
- Sovrn Holdings, Inc. Privacy Policy
- Switch Concepts Privacy Policy
- Triple Lift, Inc. Privacy Policy
- WO Programmatic Digital Policies
We also inform you that we may disclose your information to the following categories of recipients:
- To our third-party services providers who provide data processing services that support the operation of our services (acting on our behalf), such as analytics providers, IT services providers (for example, cloud or host services providers).
- To our clients and partners to deliver interest-based advertising and other information describing, for example, location context and general statistical information.
- To any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary
- (i) under applicable law, and
- (ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities.
XII. Additional Notice for California End users
If you are a California End user special additional provisions of this section apply to you, in accordance with the California Consumer Privacy Act effective from January 1, 2020 (“CCPA”). In matters not covered in this section, the remaining provisions of this End User Privacy Policy apply.
If you have any questions regarding this section XII. Additional Notice for California End users including its content and scope of application you can contact our Data Protection Officer via email: [email protected].
California End users rights
CCPA provides additional privacy protections for California data subjects including:
- the right to request access to your Personal information and request additional details about our practices regarding the processing of your Personal information (right to access),
- the right to request deletion of your Personal information (right to deletion),
- the right to opt out of the “sale” of your Personal information (right to opt out), and
- the right to not be discriminated against for exercising any of your rights granted under the CCPA (right not to be discriminated).
To submit an access or deletion request as well as non-discrimination request please contact our Data Protection Officer via e-mail: [email protected] or by using contact form on page https://voluumdsp.com/contact/. To opt out of the sale of your Personal information please visit the page Do Not Sell My Personal Information.
Your request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal information or an authorized representative and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Please note that if you wish to exercise your rights with any of Voluum customers, you must make your request directly to them, based on information and procedures that they individually supply.
Disclosure
Categories of Personal Information. We may collect the following categories of Personal information about you or your device: IP Address, User Agent, HTTP Request Header, HTTP Request Parameters, Device ID, Request Time, Unique Identifier (UID) (for detailed description of the above listed categories of Personal Information and purposes for their collection please see section IV. What Kind of Data Do We Collect and For What Purposes?). The Voluum platform does not collect any data which by itself identifies an individual such as a name, address, phone number, email address.
We may have collected all of the above listed categories of your Personal Information during the 12-month period prior to the last update of this End User Privacy Policy.
Purposes of use of Personal Information. The data collected and stored in the Voluum platform is used to increase the ad relevance and adjust the ad display to the changing needs of the ad visitor. Particularly, we may use the categories of Personal information listed above for the purposes of: Cross-Device Matching, Fraud Detection, Frequency Capping, Reporting, Analysis and Optimization, Retargeting (for detailed description of the above listed purposes of use of your Personal Information please see section VI. For What Purposes We Use End User Data?).
In addition, we may use the these categories of Personal information for certain business purposes, as specified in the CCPA, in particular as described in this table:
Categories of Personal Information | Business purposes of use of Personal Information |
IP Address, User Agent, HTTP Request Header, HTTP Request Parameters, Device ID, Request Time, Unique Identifier (UID) | Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance |
IP Address, User Agent, HTTP Request Header, HTTP Request Parameters, Device ID, Request Time, Unique Identifier (UID) | Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity |
IP Address, User Agent, HTTP Request Header, HTTP Request Parameters, Device ID, Request Time, Unique Identifier (UID) | Debugging to identify and repair errors that impair existing intended functionality |
IP Address, User Agent, HTTP Request Header, HTTP Request Parameters, Device ID, Request Time, Unique Identifier (UID) | Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction |
IP Address, User Agent, HTTP Request Header, HTTP Request Parameters, Device ID, Request Time, Unique Identifier (UID) | Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services |
IP Address, User Agent, HTTP Request Header, HTTP Request Parameters, Device ID, Request Time, Unique Identifier (UID) | Undertaking internal research for technological development and demonstration |
IP Address, User Agent, HTTP Request Header, HTTP Request Parameters, Device ID, Request Time, Unique Identifier (UID) | Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us |
We may have used your Personal Information for the above listed purposes during the 12-month period prior to the last update of this End User Privacy Policy.
Sale of Personal Information
Due to the specificity of services provided by Voluum via Voluum DSP platform we may sell (as defined by CCPA) your data to advertising networks cooperated with us (the list of them is available in section XI. Information Transferred from Third-Party Services) and our partners and customers. Also our customers (publishers or advertisers) may use our technology to buy or sell Personal information (as defined by CCPA and since the definition of “sale” in CCPA is very broad; for example it includes making available a wide variety of information in exchange for “valuable consideration”), in particular in order to show interest-based advertising presented in apps or in websites.
During the 12-month period prior to the last update of this End User Privacy Policy, the following categories of personal information may have been sold by us or by our customers using our Services: IP Address, User Agent, HTTP Request Header, HTTP Request Parameters, Device ID, Request Time, Unique Identifier (UID).
As explained in section XV. Children, we do not sell the Personal information of minors we know to be under 16 years of age.
We are firmly committed to protect privacy and also support our customers to provide such a solution for you. As a California End user you have the right to direct us not to sell your Personal information (right to opt-out). For detailed information concerning the right to opt-out, including particularly information on how to exercise this right, please visit the page Do Not Sell My Personal Information or email us at [email protected].
Sharing of Personal Information for Business Purposes
If it is necessary to perform our business purposes we may share Personal information in the manner, however, that does not constitute “sell” under CCPA, for example with third parties such as service providers operating on our behalf – in particular our host providers, if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal information.
We may have disclosed (shared) the following categories of your Personal information during the 12-month period prior to the last update of this Privacy Policy: IP Address, User Agent, HTTP Request Header, HTTP Request Parameters, Device ID, Request Time, Unique Identifier (UID).
For detailed information concerning categories of third parties with whom we may share customers’ Personal information please see section XI. Disclosures of this Privacy Policy.
XIII. Transfer of Personal Data Outside EEA
We work with customers and partners throughout the world, including in the European Economic Area (EEA) as well as countries outside of the European Economic Area (EEA). In order to ensure that your personal data is adequately protected when transferred outside of the EEA, we relies on a decision of the European Commission, stating that a third country may be considered as providing an adequate level of data protection or on standard contractual clauses adopted by the European Commission (the EU Commission Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council). You may contact us if you require a copy of the safeguards which we have put in place to protect your data transferred outside of the EEA and your privacy rights in these circumstances. You may also learn more about EU Commission Decision on standard contractual clauses for the transfer of personal data to entities established in third countries here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
XIV. Security
Voluum uses various security technologies and procedures that help protect your personal information from unauthorized access, use, disclosure, alteration, or destruction.
For example:
- Personnel: Only qualified and authorized employees are permitted to access personal information, and they may do so only for permitted business functions.
- Data Protection Officer: We appointed a Data Protection Officer who in particular watches over the security of your data, monitors our compliance with Applicable laws, and is a point of contact for you in all matters regarding Data protection; you can contact our Data Protection Officer via email: [email protected].
- Security Measures: We use encryption in the transmission of your personal information between your system and ours, and we use firewalls to help prevent unauthorized persons from gaining access to your personal information.
- Payments: All supplied sensitive / credit information is transmitted via Secure Socket Layer (SSL) technology and then, encrypted into our payment gateway providers database only to be accessible by those authorized with special access rights to such systems and are required to keep the information confidential. After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.
- Additional Safeguards: We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of your information. Our security procedures mean that we may request proof of your identity before we disclose personal information to you.
- Trusted Vendors: We rely only on vendors who ensure an appropriate level of security of your data. In this context, we use only secure cloud servers, including AWS cloud – a secure, private cloud platform. Amazon Web Services is our processor. AWS Amazon cloud platform uses various security technologies and procedures to protect personal data and is compliant with third-party assurance frameworks such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, PCI DSS Level 1, and SOC 1, SOC 2, and SOC 3. For more details please see AWS Amazon security and privacy policy at www.aws.amazon.com.
XV. Children
Protecting children’s privacy is very important to Voluum. Our platform is not intended for, designed to be used by, or targeted at children as defined in Applicable laws. We do not allow our partners and customers to send to us personal data of children.
XVI. Contact Us
If there are any questions regarding this End User Privacy Policy, you may contact us using the information below:
CentralNic Poland sp. z o.o., with a registered office at ul. Lubicz 17G, 31-503 Kraków, Poland incorporated under the laws of Poland and registered in the companies register of the National Court Register held by District Court Krakow – Srodmiescie in Cracow XI Commercial Division (Sąd Rejonowy dla Krakowa – Śródmieścia w Krakowie XI Wydział Gospodarczy) under (KRS) no. 0000830352, having EU VAT ID: PL5272922087 and the share capital in the amount of 5 000 PLN.
General contact form: https://voluum.com/contact/
Voluum’s Data Protection Officer contact: [email protected]