Data Collection and Usage

Here you will see details about how we collect, store and use user data.

Personal Data Stored in Device Cookies

All information is declared under https://delivery.adnuntius.com/.well-known/deviceStorage.json. The table below is provided for easier reading.

Name
Type
Purpose
Expiry

usi

Cookie

Identify the user across multiple sessions (TCF: 1, 2, 4, 7)

30 days

sessionId

Cookie

Identify the user session across multiple requests (TCF: 1, 2, 4, 7)

Length of browser session

i

Cookie

Records a history of advertisements shown to the user (TCF: 1, 2)

30 days

c

Cookie

Records a history of advertisements shown to the user (TCF: 1, 2)

30 days

v

Cookie

Records a history of advertisements shown to the user (TCF: 1, 2)

30 days

s

Cookie

Records a history of advertisements shown to the user (TCF: 1, 2)

30 days

r

Cookie

Records a history of advertisements shown to the user (TCF: 1, 2)

30 days

t

Cookie

User retargeting. Records data about the user when they are browsing an advertiser's website, and then uses this data to select advertisements when the user is browsing a publisher's website. (TCF: 1, 4)

30 days

cnv

Cookie

Records the most recent time that a specific advertisement was seen by the user. Used to track conversions e.g. if the user subsequently performs an eligible action, such as purchasing a product, on the advertiser's website. (TCF: 1, 4)

30 days

consent

Cookie

(*Deprecated*) Replaced by IAB TCF string and no longer read or written

No expiry

noCookies

Cookie

Records user cookie preference specified here: http://delivery.adnuntius.com/consent (TCF: 1)

No expiry

doNotTrack

Cookie

Records user tracking preference specified here: http://data.adnuntius.com/consent (TCF: 1)

No expiry

adn.metaData

Web

Stores the cookie data detailed above in the browser web storage (TCF: 1, 2, 4, 7)

Null

All objects above with Type "Cookie" use the following domains: delivery.adnuntius.com, europe.delivery.adnuntius.com, ads.adnuntius.delivery, limited.delivery.adnuntius.com, and limited.europe.delivery.adnuntius.com.

Storage: Cookies are stored on the user's personal device and are transmitted with each request to the Adnuntius platform, where they are read by the Adnuntius software. The cookie data is not stored or accessible anywhere on the Adnuntius servers. The personal information that is stored on Adnuntius servers is outlined in a separate tab in this file.

Please note that Adnuntius offers a privacy-safe ad serving alternative commonly referred to as "cookieless ad serving" (more details here: https://docs.adnuntius.com/adnuntius-advertising/requesting-ads/cookieless-advertising If you use the cookieless alternative Adnuntius will not set any of these cookies, and also not set a user ID. For more information, please visit the page linked to above.

Viewing History Stored in Databases

Personal information: User Identifier and list of advertisements and Timestamps

Purpose: To allow control of how many times, per unit time, that an advertisement is shown to an individual ("frequency capping"). For example: show an advertisement no more than twice per week to each unique viewer. This data replicates what is also stored in device cookie storage, but is also stored on the Adnuntius servers to allow cross-device frequency capping.

Expiry: 30 days after last update.

Storage: Data is stored on servers controlled by Adnuntius and delivered by sub-processor Hetzner.

Location Targeting

Named locations derived from IP addresses

Purpose: Enable Controller and potentially its customers to target by country, region, city and/or post/zip code.

Expiry: All information is discarded immediately after looking up and matching the information to a named location.

Storage: No location data is stored under this Purpose. The IP addresses are checked against named locations stored on our servers. No data is sent to any external party.

Involved sub-processors: Adnuntius uses Digital Envoy, who supplies us with a file mapping IP addresses to named locations. This file is stored on Adnuntius servers (Hetzner) as described under "Sub-Processors" found below.

Longitude and latitude

Please note: this data is only processed if actively sent by the Controller.

Purpose: Enable Controller and potentially its customers to target by exact location.

Expiry: All information is discarded immediately after any advertisements are matched to the location.

Storage: No location data is stored under this Purpose.

Involved sub-processors: None.

Device Targeting

Data: As the user agent string is sent to Adnuntius the following data is stored:

  • Name, supplier and version of browser (example: Mobile Safari)

  • Family, model, supplier and name of hardware (example: iPad Pro 9.7)

  • Name, supplier and version of platform (example: Apple)

  • Type of device (example: Desktop)

  • Operating system (example: Android)

Purpose: Enable Controller and potentially its customers to target advertisements to the collected information.

Expiry: All information is discarded immediately after looking up and matching the collected information to device information stored on our servers.

Storage: No device data from Data Subjects is stored under this Purpose.

Involved sub-processors: Adnuntius uses 51 Degrees, who supplies us with a file mapping the device information we collect to the details of a device. This file is stored on Adnuntius servers as described under the tab "Sub-Processors" found here.

Segment Targeting

User identifier and list of pages viewed.

  • Details: page domain-name (NOT the full URL); content categories of the page; content keywords of the page; device type used to view the page; user location (country and region) when viewing the page.

  • Purpose: Enable Controller to build segments (Data Subjects grouped by their common behavior and/or characteristics) based on their consumption of pages on Controller's Properties.

  • Expiry: 30 days.

  • Storage: Data is stored on servers controlled by Adnuntius and its sub-processors.

  • Involved sub-processors: Adnuntius uses providers of data centers to store data. Please see "Sub-Processors" below for more information.

Profile fields

  • Details: firstName, lastName, title, dateOfBirth, age, gender, status, language, description, company, website, rank, level, type, emailPrivate, emailWork, phone, mobilePhone, addressLine1, addressLine2, state, city, areaCode, zipCode, postCode, region, country, educationName, educationType, educationDegree, educationSchool, educationField, educationStartYear, educationEndYear, skills, facebook, instagram, snapchat, twitter, avatar, transactions, lastLogin, logins, products, favouriteTopics, personalInterests.

  • Purpose: Enable Controller to build segments (Data Subjects grouped by their common behavior and/or characteristics) based on their characteristics.

  • Expiry: 180 days.

  • Storage: Data is stored on servers controlled by Adnuntius and its sub-processors.

  • Involved sub-processors: Adnuntius uses providers of data centers to store data. Please see "Sub-Processors" below for more information.

Segments pre-built by Controller before sent to Adnuntius

CRM Matching

The following description is an example to support better understanding of how CRM matching is performed by Adnuntius. The example uses the scenario where a publisher ("Publisher") and an advertiser ("Sporting Goods Store") wish to engage in CRM matching (in this example using email addresses to match IDs) so that Sporting Goods Store can target ads for slalom boots to Data Subjects who have previously purchased slalom skis from Sporting Goods Store.

Step
Details

1: Publisher sends email addresses and any other data as wanted to Adnuntius in accordance with tab 3.4 in this document, along with Publisher's Folder ID (always required in order for the data to be safely stored in a cleanroom available to Publisher alone).

2: Sporting Goods Store sends email addresses and the relevant purchase information in accordance with section 3.4 in this document, along with Sporting Goods Store's Folder ID (always required in order for the data to be safely stored in a cleanroom available to Sporting Good Store alone).

The common user identifier is used to identify a Data Subject across domains, and the Folder ID is to confirm that such cross-domain identification is authorized by Controller.

4: Publisher implements the Folder ID in its consent tool (CMP) to ensure that only users who consent will be matched.

When a request for an ad is sent from Publisher then Sporting Goods Store's segment identifier (a unique identifier for the segment created) is sent with the ad request, so that ads can match the request.

5: When steps 1-4 are set up and an ad request is sent from Publisher's pages to Adnuntius, any Segment ID that the user belongs to will be sent along with the ad request so that Sporting Goods Store's ads can be targeted. No user data is shared between the parties.

Expiry: The connection between Publisher and Sporting Goods Store remains in place until Sporting Goods Store removes the Folder ID from the data sent to Adnuntius.

Reporting

Standard reporting

Data: Please see https://docs.adnuntius.com/adnuntius-advertising/admin-ui/reports/the-statistics-defined for information about which metrics are stored.

Purpose: Enable Controller and potentially its customers to obtain insights about campaigns' performance.

Expiry: No expiry.

Storage: Data is stored on servers controlled by Adnuntius and its sub-processors.

Involved sub-processors: Adnuntius uses providers of data centers to store data. Please see the tab "Sub-Processors" here for more information.

Raw data

Adnuntius offers its customers to transfer raw data to its own databases. If customers choose to do so, then Adnuntius will hold on to user data for 24 hours before it is permanently deleted from our servers. Customers will in that time period have the opportunity to access the database and transfer the data to their own servers.

To see what data is recorded, please see this page. Some rules apply to these data:

  • User agent strings are Recorded if Network Config is set to "No Consent Required". They are not recorded if Network Config is set to "Consent Required".

  • Latitude and longitude are recorded only if consent is provided.

  • Other data is always recorded as long as raw data is enabled.

Storage: All data is stored in Hetzner's data centers (see "Sub-Processors" for more information) in Germany and Finland. Snapshots of Adnuntius data are periodically saved to Amazon Simple Storage Service (AWS S3)'s Frankfurt data center. All data is encrypted with AES prior to leaving the Germany and Finland data centers, is transmitted via a secured channel, and is stored in its encrypted form in a private S3 bucket.

Login and Changes

Data
Purpose

Email address and name associated with a user account

The email address provides a unique login identifier for users managing their Adnuntius account using the administration user interface (UI) or application programming interface (API). The email address is also used for password reset and other communications with the user as required. The name is used throughout the UI, and there are no requirements or validations on the data used in this field.

All changes made by a user account

Customers expect to see who have made which changes to campaigns and other objects in Adnuntius. We therefore need to store when a change was performed, by who, and what change occured.

Last login and password change

Control who have visited the portal and made certain changes, and to provide support to people who need to change their passwords.

Expiry: No expiry.

Storage: Data is stored on servers controlled by Adnuntius and its sub-processors.

Involved sub-processors: Adnuntius uses providers of data centers to store data. Please see "Sub-Processors" below for more information.

Context Matching

Purpose: enable Controller and potentially its customers to target ads to the content of a page. The content of a page may include keywords on the page, the categories of the page, or the overall understanding of a page's text (including title, ingress and body texts) using large language models such as for instance GPT or BERT.

Data: no user data is involved, as no information is stored to a cookie or any other user identifier. The information is rather stored to the specific page, so that when any user visits the page the advertisement can be matched to the page's content, not to any user information.

Storage: Data is stored on servers controlled by Adnuntius and its sub-processors.

Involved sub-processors: Adnuntius uses providers of data centers to store data. Please see the tab "Sub-Processors" here for more information.

Responsibles

Data Protection Officer, and responsible on behalf of the Processor:

Stian Remaad, CEO Adnuntius | Email: stian@adnuntius.com

Sub-Processors

Hetzner Online GmbH

Contact information: Industriestrasse 25, 91710 Gunzenhausen, Germany - info@hetzner.com - +49 (0)9831 505-0

Sub-Processor's role: Hetzner is Adnuntius' supplier of servers in Europe, and stores data about all users tracked by any of the tracking mechanisms specified in this document.

Locations of servers: Germany and Finland.

Data processing agreement: https://drive.google.com/file/d/0B0QhCoSpD01kMWo0ZFdVN0ZKTUx3bTd1NGNQWnlIbkJhdEpz/view?usp=sharing&resourcekey=0-ea_4a8qjdN4XULwQQDrBeg

Basis for transfer: EU standard clauses.

MaxMind

Contact information: https://www.maxmind.com/en/company/contact-us

Sub-Processor's role: Maxmind provides Adnuntius with location targeting technology, enabling Adnuntius to translate an IP address to a named location. Maxmind provides files that are stored on our databases, and no data is as such transferred to Maxmind.

Locations of servers: Germany and Finland.

Data processing agreement: No data is sent to nor processed by the supplier.

Amazon Web Services

Contact information: https://pages.awscloud.com/compliance-contact-us.html

Sub-Processor's role: Snapshots of Adnuntius data are periodically saved to Amazon Simple Storage Service (AWS S3)'s Frankfurt data center. All data is encrypted with AES prior to leaving the Hetzner data centers (Germany and Finland) and sent to this Frankfurt data center, is transmitted via a secured channel, and is stored in its encrypted form in a private S3 bucket.

Locations of servers: Germany

Data processing agreement: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Basis for transfer: EU standard clauses.

Adnuntius Australia PTY LTD

Contact information: Antonios Sarhanis; antonios@adnuntius.com; +61 416 173 732

Sub-Processor's role: Adnuntius Australia is a company fully owned by Adnuntius AS, and is the company where several of our developers are employed. These developers need to access databases to develop functionality, and the purpose of the attached agreement is to ensure transparency in how our developers located outside of EU may access personal information.

Locations of servers: Not applicable.

Data processing agreement: https://drive.google.com/file/d/1e3V4odfkl2Syc1bngFZddjBQJ7lMCXj8/view?usp=sharing

Basis for transfer: EU standard clauses.

Paypal

Contact information: https://www.paypal.com/va/webapps/mpp/ua/privacy-full#2

Sub-Processor's role: Our customers who use Adnuntius Self-Service may use a payment service provider to charge self-service advertisers. PayPal is one of the options available.

Locations of servers: Please see PayPal's privacy policy.

Data processing agreement: https://www.paypal.com/us/webapps/mpp/ua/data-protection

Basis for transfer: EU standard clauses.

Cloudflare

Contact information: 101 Townsend Street San Francisco, CA 94107, USA; Emily Hancock, Data Protection Officer, legal@cloudflare.com

Sub-Processor's role: Cloudflare terminates prebid requests at the edge, decrypts it, and tunnels it to our adservers for a fast ad response.

Locations of servers: Worldwide points of presence. For EU companies: to ensure that only European servers are used, just send the GDPR ad tag parameter (gdpr: 1) with the ad request as explained here.

Data processing agreement: https://www.cloudflare.com/en-au/cloudflare-customer-dpa/

Basis for transfer: EU standard clauses.

CDN77

Contact information: DataCamp Limited, 207 Regent Street, London, UK; compliance@cdn77.com

Sub-Processor's role: CDN77 stores creative assets for fast worldwide ad delivery. CDN77 does not handle any data subject information and is as such not subject to privacy legislation.

Locations of servers: Worldwide points of presence.

Data processing agreement: https://client.cdn77.com/files/cdn77-gdpr-dpa.pdf

Security Measures

Please visit https://adnuntius.com/security-measures. Password is granted on request to support@adnuntius.com.

Last updated