Effective date: May 25, 2018
Last updated: May 22, 2018
This document provides information about our digital advertising technology platform. Zeropark (owned and developed by Codewise spółka z ograniczoną odpowiedzialnością spółka komandytową established in Krakow at Lubicz street 17G, 31-503 Kraków, Poland) owns and develops advertising technology that enables advertisements (also called further ads) to appear within desktop and mobile websites, as well as within mobile applications. The intention of this document is to provide you transparent information how the Zeropark platform runs and how the data is processed, collected, and stored in the platform. We realize that some technical terms might sound complicated to you, so this document presents those terms in simple words as well as explains what the goal of data processing is.
Codewise is firmly committed to protecting the privacy of Internet users and fostering users’ confidence in online advertising and marketing. Accordingly, we are committed to observing applicable industry guidelines including those established by the Interactive Advertising Bureau and the General Data Protection Regulation (“GDPR”) by the European Union. We continue to evaluate enhanced ways to protect Internet users’ privacy while seeking to deliver relevant advertising and custom online experiences to those users on behalf of our customers.
This document outlines Codewise’s End User Policy and provides you a clear notice about the user information we may collect and process online in connection with our services.
Our customers use our technology (Zeropark available at https://zeropark.com/) to execute advertising campaigns. Such operations result in you having indirect (when advertisements are displayed within sites and apps) and direct (when you click any of these advertisements) interactions with our servers.
- Applicable laws: All the laws and regulations relevant to the collection, processing, and storage of data, especially all the data protection laws and the General Data Protection Regulation (EU) 2016/679(GDPR).
- Ad exchange: This is a platform where people who can offer unsold ad placements meet people who want to buy those placements for their online advertisements. You can think about it as a digital marketplace with a sort of an auction called real-time bidding. However, a buyer can be anybody including other ad exchanges or platforms that sale advertisements to other companies / buyers.
- Ad server: By and large, a server where advertisements are stored and managed, and delivered to you as a website end user. It might also provide a reporting module to check how the advertisements perform.
- Customer: The party who submits an application on one of the registration pages: https://panel.zeropark.com/bidding/register or https://panel.zeropark.com/panel/register and uses the Zeropark platform.
- Domain name: It is a character string that helps you to easily go to a website without the necessity of remembering IP addresses. A domain name must be unique for all domain names available on the Internet. It allows you to navigate to a website and discover an online advertisement.
- End user (visitor): This is a user of an Internet connected device, such as a visitor to a website, a user of a mobile app, or a user of an IoT device, or a visitor on an advertisement, landing page, or campaign.
- Geographic location: This is a piece of information where you are located based on an IP address. Precisely, this is a location of your device that is connected to the Internet and based on that we are able to define a country, region, city, and Internet Service Provider (ISP) your device is connected to.
- HTTP request header: The request header of HyperText Transfer Protocol. The HTTP protocol is used all around the world. Almost all content that shows up in the browser you see is transmitted to your computer (or other device connected to the Internet) over HTTP. For example, when you opened this policy in the browser, many HTTP requests have been sent. Each request contains an HTTP header in which there is information about the browser you use, the requested page, the server and much more.
- IP address: An Internet Protocol (IP) address is a set of numbers that each device has assigned to connect with other device over the Internet network. The IP address allows addressing and delivering the information to the right receiver. Every time a piece of information is sent, a device needs to communicate with other devices in a computer network to be able to deliver the message. Sending information in that context means every kind of activity such as surfing, exchanging emails, or downloading an application. The IP address is used to identify the device to which the message is supposed to be sent and find the best way to deliver it.
- Personal information / personal data: Any information relating to an identified or identifiable person as defined in article 4.1 of GDPR.
- Processing: Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (process, processes and processed shall have the same meaning).
- Real-time bidding: Zeropark’s customers are able to bid in real time to get the opportunity of showing an online advertisement offered by a certain ad exchange. The winner of the auction is treated as the best candidate to display the advertisement on a website.
- Referrer domain: In simple words, this is the address of a website that led you, as a visitor, to another page.
- Targeting: A strategy of online advertising when information is gathered to address visitor’s preferences based on the collected data. When you as a visitor go to websites in one particular language, then the advertisement is displayed in front of you in the same language you were browsing and relates to the region you are located.
- User agent: Information about a device, operating system, web browser is being used to access a website.
- You (visitor): A person who can visit digital advertising campaigns on the Internet.
II. What is Zeropark?
Zeropark is a real-time bidding pop and domain traffic network. This means that Zeropark connects one group of customers (publishers) looking to monetize their websites with other group (advertisers) that want to sell items or services to the visitors of these websites. Zeropark enables the advertisers to get traffic from publishers’ parked domain redirects to advertisers’ landing pages or via new browser windows popping-up on publishers’ websites and displaying an advertisement.
There is a number of advertisers willing to score each display of an advertisement. To determine whose ad gets displayed, an auction is held. It takes place as a visitor loads the page, so it usually takes about milliseconds. In that time all interested advertisers automatically put their predetermined bids, the highest of which wins the bidding, resulting in displaying an ad.
In the next sections you can find out what information is stored in Zeropark and how it relates to your activities as a visitor.
III. Codewise’s Role in Processing Personal Information
While our customers use Zeropark, we act as a customer’s data processor meaning that we process end user’s personal data on behalf of our customer under customer’s instructions under Zeropark Data Processing Agreement.
IV. What Kind of Data Do We Collect and For What Purposes?
In order to perform our services, we are intent on collecting and processing certain information about you and your device. Some of this information, for example your IP addresses, may identify a particular computer or device and be considered as “personal data” in some jurisdictions, including the European Union. This kind of data enables us to provide aggregated reporting and analysis of the performance of our customer’s advertising campaigns.
The Zeropark platform does not collect any data which by itself identifies an individual such as name, address, phone number, email address.
We also do not collect any “sensitive” or “special categories of personal data” as defined under European data protection laws as well as personal data of children.
An IP address is used to identify the device’s location as well as, to some extent, user’s location. Based on the IP address visitor’s country, region, or city can be characterized and stored in the Zeropark platform. Moreover, some more technical specifications are processed such as Internet Service Provider (ISP). This data is stored to adjust the online advertisements that are displayed on websites and identify automatic computer programs that might affect our customers’ reporting.
In addition, the IP address is used to limit the number of times a visitor is exposed to a single advertisement.
A user agent helps us to identify what kind of a device a visitor uses (TV, desktop, table, mobile phone) and which model it is. Even more, this piece of information is stored to establish device’s parameters such as browser and browser version, operating system, and operating system version. It also allows us to detect the automatic computer programs and fraud attempts.
Additionally, the user agent is used to limit the number of times a visitor is exposed to a single advertisement.
HTTP Request Header
The HTTP request header is used for troubleshooting purposes to fix customer’s issues with campaign’s settings.
A device ID is a unique identifier used to accurately measure actions taken by a specific device. It plays a role in personalization, distribution, and performance of the traffic sent to a visitor.
Information about a domain is stored to be able to determine whether a domain is fake or not. Moreover, it helps to find a specific category of a website that is related to a customer’s advertisement. This allows displaying advertisements where their topics are very close to the topic of the website visitors see in front of them. The domain information is also used for reporting and troubleshooting purposes.
The referrer domain data is stored for troubleshooting purposes as well as used to define whether a website is addressed to an adult audience. This helps to display the advertisement always to a proper audience.
Defining keywords and targeting by them is a popular form of online advertising when customers want to address their advertisements to people who are looking for such keywords on the Internet. Zeropark helps them to define those keywords and, once defined, store them in the platform. Keywords are also used when it comes to troubleshooting to sort out issues with campaign’s settings.
Note that our publisher partners may share with us additional demographic information, such as age or gender, in order to enable more accurate targeting. We do not use this information to maintain any kind of persistent user profile database.
V. How Do We Collect Data?
Zeropark collects end user’s data being sent either by a publisher or through third-party partners. This data consists of an IP Address, User Agent, Referrer, Accept Language, all HTTP Headers, and Keywords.
Whenever Zeropark wins an auction and customer displays an ad from Zeropark, the IP Address, User Agent, Referrer, Accept Language, all HTTP Headers are also retrieved from end user’s browser request sent to Zeropark.
VI. For What Purposes We Use End User Data?
The data collected and stored in the Zeropark platform is used by Zeropark’s customers to increase the ad relevance and target different kinds of audiences. Particularly, our customers use Zeropark for:
Adult Visit Detection
To check a type of an audience (adult or non-adult) and display an advertisement only to the proper one.
Fake and Duplicated Traffic Detection
To monitor the quality of traffic for our customers and blacklist those sources that generate fake or duplicated visits / clicks.
Fake Domain Detection
To detect domains that might look like an original domain of the customer and abuse the domain’s reputation for different sorts of benefits.
To limit the number of times a visitor is exposed to a single advertisement.
To allow the Zeropark’s customers to address visitor’s preferences that refer to a geographic location. The targeting is mainly based on a country, Internet Service Provider, or demographic data.
To measure the effectiveness of online ad campaigns what helps to address the advertisements to right audiences and based on the collected data improve the performance of the campaigns. Briefly, to determine how visitors respond to advertisements they see on the Internet. The goal of the optimization is helping advertisers predicting the cost of a particular campaign and find an optimal value.
Reporting aggregates data for troubleshooting, analysis, improve our customers’ experience, provides custom reporting for both publishers and advertisers.
Targeting by Keywords
To choose words that are relevant or important to a displayed advertisement to be able to target end users searching for the same terms.
To fix technical issues that Zeropark’s customer experience while running their online campaigns and identify faulty settings of the configuration.
VII. Legal Basis for Processing User Information
For our customers, meaning both advertisers and publishers, we collect and process end users’ personal data as their data processor under Zeropark Data Processing Agreement.
If you are a European Union End user or GDPR applies to you under the Applicable Law, our customers need to have a legal basis for collecting and using the end user information described above. The kind of legal basis used by our customers will depend on the user information concerned and the specific context in which we collect it. Mainly, this legal basis is end users’ consent in particular when end users’ personal data is collected and processed in order to deliver targeted advertising to the end user.
Sometimes, end user’s data can also be processed under legitimate interests of our customers, in particular to:
- Operate and improve our technology
- Enable standard advertising controls
- Prepare reports that summarize visitor’s activity
- Analyze and report on the advertisement’s performance (such as tracking views of ad as well as click-through rates on ads), campaign reporting, and campaign forecasting
- Protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
VIII. How Long Do We Store Data?
The collected data is stored using generally accepted security standards. The data retention of visitor’s activities in the Zeropark platform is 3 months starting from the day of the customer’s account registration. This data is used for reporting and analysis. After 3 months, all collected data regarding visitors is removed.
IX. Your Choices and the Opt-Out Option
The opt-out option is applicable for end users who see an online advertisement set by a customer.
If you wish to opt out of being tracked with desktop and mobile website environments from Zeropark, please click here.
Opting out of being tracked with desktop and mobile website environments from the Zeropark platform is valid for 10 years for a web browser where the opt-out option has been set. The option can be enabled only for a particular web browser meaning that if you switch to start using other web browsers, make an update for the current version of the web browser, clear cookies, or use a browser’s incognito mode, you need to go through the opt-out procedure once more. When the opt-out option expires, you need to repeat the same procedure to turn it on again.
X. European Data Subject Rights
If you are a European Union end user or GDPR applies to you under the Applicable Law, you have certain rights and protections under the law regarding the collection, processing, and use of information about you. In particular, you have the right to:
- To request access and obtain a copy of your data.
- To request rectification (correct or complete information about you) or erasure (it is sometimes called ‘the right to be forgotten’ that applies in some circumstances).
- To restrict the processing end user information.
- If applicable, to the data portability.
In certain circumstances, you may also have the right to object to the processing of end user’s information when personal data is processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes.
If you have given us your consent to process your data, you have the right to withdraw your consent. The withdrawal of consent does not affect the compliance of the processing which was made on its basis before the withdrawal of consent.
You have also the right to lodge a complaint with the Supervisory Authority in particular if you feel that Codewise has not responded to your requests to solve a problem.
As we act as a processor of end users’ personal data on behalf of our customer, according to GDPR, taking into account the nature of the processing, we are obliged to assists the controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller’s obligation to respond to requests for exercising the data subject’s rights laid down in GDPR.
In aforementioned matters, please contact our Data Protection Officer: firstname.lastname@example.org. Please include information that will enable us to verify your identity within your request.
In addition, you may also use our opt-out functionality described in IX. Your Choices and the Opt Out Option.
XI. Transfer of Personal Data Outside EEA
We work with customers and partners throughout the world, including in the European Economic Area (EEA) as well as countries outside of the European Economic Area (EEA).
In order to ensure that your personal data is adequately protected when transferred outside of the EEA, Codewise:
- relies on EU-U.S. Privacy Shield Program – Privacy Shield is a “partial” adequacy decision, as, in the absence of a general data protection law in the U.S., only the companies committing to abiding by the binding Privacy Shield principles benefit from easier data transfer. In such cases, your personal data will be transferred to the territory of USA in accordance with applicable laws, with appropriate safeguards in place, only to Privacy Shield certified vendors (according to the EU Commission Decision 2016/1250), or by using standard contractual clauses adopted by the European Commission (EU Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC (the “Model Contract Clauses”), or based on other applicable transborder data transfer mechanisms,
- has entered into inter-company EU “model clause” agreements.
You may contact us if you require a copy of the safeguards which we have put in place to protect your data transferred outside of the EEA and your privacy rights in these circumstances.
You may also learn more about:
- Privacy Shield Program here https://www.privacyshield.gov/Program-Overview and here https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.
- EU Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries here https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087 and here https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
Codewise uses various security technologies and procedures that help protect your personal information from unauthorized access, use, disclosure, alteration, or destruction.
- Personnel: Only qualified and authorized employees are permitted to access personal information, and they may do so only for permitted business functions.
- Data Protection Officer: We appointed a Data Protection Officer who in particular watches over the security of your data, monitors our compliance with GDPR, and is a point of contact for you in all matters regarding data protection; you can contact our Data Protection Officer via email: email@example.com.
- Security Measures: We use encryption in the transmission of your personal information between your system and ours and we use firewalls to help prevent unauthorized persons from gaining access to your personal information.
- Payments: All supplied sensitive / credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential. After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.
- Additional Safeguards: We maintain physical, electronic and procedural safeguards in connection with the collection, storage, and disclosure of your information. Our security procedures mean that we may request proof of your identity before we disclose personal information to you.
Protecting children’s privacy is very important to Codewise. Our platform is not intended for, designed to be used by, or targeted at children. We do not allow our partners and customers to send to us personal data of children as defined under GDPR.
XV. Contact Us
Codewise Sp. z o.o. Sp. K.
Ul. Lubicz 17G, 31-503 Kraków, Poland
General contact form: https://codewise.com/contact/
Codewise’s Data Protection Officer contact: firstname.lastname@example.org