Privacy Policy of
ABTTags service

This Privacy Policy (the “Policy“) provides information about the processing of your personal data in connection with our provision of the ABTTags service (the “Service“).

ABTTags is an automated service for monitoring user activity and profiling for marketing purposes.

 

Data Controller

The controller of your personal data is EDGE NPD limited liability company based in Warsaw (registered office address: ul. Czeska 22 A, 03-902 Warsaw), entered into the register of entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS number: 0000441520, holding NIP (tax identification number): 9522122126, REGON number: 146413766, with a share capital of PLN 50,000 (fifty thousand zlotys) fully paid up (hereinafter: the “Administrator“)..

The Administrator may also act as a personal data processor on behalf of another entity or as a joint controller of personal data together with another entity. Regardless of the organizer’s status, the information contained in the Policy applies in every case, irrespective of the capacity in which the Administrator processes personal data.

 

Contact with the Administrator

For all matters related to the processing of personal data, you may contact the Data Protection Officer appointed by the Administrator via email at: dpo@edgenpd.com:

 

Personal Data Protection Measures

The Administrator applies modern organizational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”), the Act of 10 May 2018 on the protection of personal data, and other personal data protection regulations.

To ensure full transparency of the Services, the Administrator applies the principles implemented by IAB Europe’s guidelines and policies (“IAB Europe Transparency & Consent Framework”), which aim to create a standard for personal data processing and to unify the rules of their processing for better protection.

 

Information about the Personal Data Processed

The operation of the Service requires the processing of your personal data, with the data processed being those that do not allow your direct identification. Below you will find detailed information about the purposes and legal bases of the processing.

 

Purpose of Processing

Personal Data Processed

Legal Basis

Create user profiles for personalized advertising and marketing messages

1) Cookie identifier – collected via clients’ or contractors’ websites or received from partners,

2) Other identifiers or internet technologies, such as data from TCP/IP, TLS, HTTP protocol layers, provided they meet security and data pseudonymization requirements,

3) IP address, URL address, device type, and other data describing the characteristics of the device/application (e.g., browser version, language version, device time zone),

4) the frequency and timing of device interactions in conjunction with the corresponding monitored service, if available,

5) Tags – descriptive information that can be assigned to a specific device.

Article 6(1)(a) of the RODO

 

(data processing is based on your consent)

 

Purpose of the TCF:

(a) Storing and/or accessing information on the device,

(b) Creation and selection of personalized content,

(c) Developing and improving the product,

(d) Using data to select content.

Information about your activity for this processing purpose (such as forms submitted, content viewed) may be stored and combined with other information about you (for example, information about your previous activity on this service and other websites or applications) or similar users.

 

The administrator will process the above personal data until you withdraw your consent.

 

 

Purpose of Processing

Personal Data Processed

Legal Basis

Profiling of processed personal data

1) Cookie identifier – collected via clients’ or contractors’ websites or received from partners,

2) Other identifiers or internet technologies, such as data from TCP/IP, TLS, HTTP protocol layers, provided they meet security and data pseudonymization requirements,

3) IP address, URL address, device type, and other data describing the characteristics of the device/application (e.g., browser version, language version, device time zone),

4) The frequency and duration of device interactions in connection with the respective monitored service, if available.

5) Tags – descriptive information that can be assigned to a specific device.

 

 

 

 

Article 6(1)(a) of the RODO

 

(data processing is based on your consent)

 

Purpose of the TCF:

(a) Storing and/or accessing information on the device,

(b) Creation and selection of personalized content,

(c) Developing and improving the product,

(d) Using data to select content.

 

Personal data collected on this basis is used in an automated manner to evaluate, analyze or forecast aspects related to users (demographics and personal preferences).

 

The administrator will process the above personal data until you withdraw your consent.

 

 

Purpose of Processing

Personal Data Processed

Legal Basis

Using identifiers to combine information held about individual Users

1) Cookie identifier – collected via clients’ or contractors’ websites or received from partners,

2) Other identifiers or internet technologies, such as data from TCP/IP, TLS, HTTP protocol layers, provided they meet security and data pseudonymization requirements,

3) IP address, URL address, device type, and other data describing the characteristics of the device/application (e.g., browser version, language version, device time zone),

4) The frequency and duration of device interactions in connection with the respective monitored service, if available.

5) Tags – descriptive information that can be assigned to a specific device.

Article 6(1)(f) of the GDPR

 

(the processing is necessary for the purposes of the legitimate interests pursued by the Administrator)

 

Purpose of the TCF:

(a) Market research to obtain information on customers,

b) Storing and/or accessing information on a device,

c) Developing and improving the product.

Processing is necessary to create or edit your profile from various websites and applications to personalize advertising.

 

The Administrator will process the aforementioned personal data until a valid objection is lodged or the purpose of processing is achieved.

 

 

Purpose of Processing

Personal Data Processed

Legal Basis

Generate reports and conduct User analytics:

1) Cookie identifier – collected via clients’ or contractors’ websites or received from partners,

2) Other identifiers or internet technologies, such as data from TCP/IP, TLS, HTTP protocol layers, provided they meet security and data pseudonymization requirements,

3) IP address, URL address, device type, and other data describing the characteristics of the device/application (e.g., browser version, language version, device time zone),

4) The frequency and duration of device interactions in connection with the respective monitored service, if available.

5) Tags – descriptive information that can be assigned to a specific device.

Article 6(1)(f) of the GDPR

 

(the processing is necessary for the purposes of the legitimate interests pursued by the Administrator)

 

Purpose of the TCF:

(a) Measuring the effectiveness of ads to generate reports,

b) Storing and/or accessing information on a device,

c) Developing and improving the product.

Data processing is necessary to improve the operation of the Service and for the purpose indicated above.

 

The Administrator will process the aforementioned personal data until a valid objection is lodged or the purpose of processing is achieved.

 

 

 

 

Purpose of Processing

Personal Data Processed

Legal Basis

Providing customers (advertisers) with users’ data in the form of their profiles

1) Cookie identifier – collected via clients’ or contractors’ websites or received from partners,

2) Other identifiers or internet technologies, such as data from TCP/IP, TLS, HTTP protocol layers, provided they meet security and data pseudonymization requirements,

3) IP address, URL address, device type, and other data describing the characteristics of the device/application (e.g., browser version, language version, device time zone),

4) the frequency and timing of device interactions in conjunction with the corresponding monitored service, if available,

5) Tags – descriptive information that can be assigned to a specific device.

 

Article 6(1)(a) of the RODO

 

or

 

Article 6(1)(f) of the GDPR

 

(the basis for processing is your consent or the legitimate legal interest of the controller)

 

Purpose of the TCF:

(a) Measuring the effectiveness of advertising;

b) Storing and/or accessing information on a device,

c) Developing and improving the product.

 

The processing of data is necessary for the purpose of fulfilling contracts between the Controller and other data controllers and for the purpose of providing users with the best possible tailored and profiled marketing content.

 

The administrator will process the above personal data until the consent is withdrawn, an effective objection is made, or the purpose of the processing is achieved.

 

 

 

 

Purpose of Processing

Personal Data Processed

Legal Basis

Sharing data with certain data recipients for the purpose of generating reports and conducting analyses of Users

1) Cookie identifier – collected via clients’ or contractors’ websites or received from partners,

2) Other identifiers or internet technologies, such as data from TCP/IP, TLS, HTTP protocol layers, provided they meet security and data pseudonymization requirements,

3) IP address, URL address, device type, and other data describing the characteristics of the device/application (e.g., browser version, language version, device time zone),

4) The frequency and duration of device interactions in connection with the respective monitored service, if available

5) Tags – descriptive information that can be assigned to a specific device.

 

Article 6(1)(f) of the GDPR

 

(the processing is necessary for the purposes of the legitimate interests pursued by the Administrator)

 

Purpose of the TCF:

a) Developing and improving the product,

(b) Measure the effectiveness of advertising to the extent necessary to generate reports,

c) Storing and/or accessing information on a device

Data processing is necessary to improve the operation of the Service and for the purpose indicated above.

 

The Administrator will process the aforementioned personal data until a valid objection is lodged or the purpose of processing is achieved.

 

Purpose of Processing

Personal Data Processed

Legal Basis

Fulfillment of obligations related to personal data protection

 

The contact data you provide in your personal data inquiry (e.g., name and surname, email address, mailing address, phone number)

Article 6(1)(c) of the GDPR

 

(The processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case obligations arising from personal data protection regulations)

Providing the aforementioned personal data is voluntary but necessary for the proper fulfillment by the Administrator of obligations arising from personal data protection regulations, including the exercise of rights granted to you under the GDPR (failure to provide the aforementioned data will result in the inability to properly exercise these rights).

 

The Administrator will process the aforementioned personal data until the expiration of the limitation periods for claims arising from violations of personal data protection regulations.

 

Please be advised that your consent to the processing of your personal data on its basis can be withdrawn at any time. You can withdraw your consent via the settings in your browser or via pop- up cookies if the service where ABT Tags cookies are placed offers them. Your withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

 

Recipients of Personal Data

The recipients of personal data will be the following external entities cooperating with the Administrator:

  1. the Administrator’s clients and contractors;
  2. providers of services enabling data storage;
  3. […].

In addition, personal data may also be transferred to public or private entities, if such an obligation arises from generally applicable laws, a final court judgment or a final administrative decision.

 

Transfer of Personal Data to a Third Country

In connection with the Administrator’s use of services provided by Google LLC, your personal data may be transferred to the following third countries: the United Kingdom, Canada, the United States, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia, and Australia. The basis for the transfer of data to the aforementioned third countries is:

 

  • In the case of the United Kingdom, Canada, Israel, Japan, and South Korea – decisions of the European Commission recognizing an adequate level of personal data protection in each of the aforementioned third countries;
  • In the case of the United States – Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, recognizing an adequate level of personal data protection ensured under the EU-US Data Privacy Framework;
  • In the case of Chile, Brazil, Saudi Arabia, Qatar, India, China, Singapore, Taiwan (Republic of China), Indonesia, and Australia – contractual clauses ensuring an adequate level of protection, in accordance with the standard contractual clauses specified in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.

You may obtain from the Administrator a copy of the data transferred to a third country, subject to the reservation mentioned at the bottom of the “Rights” section.

 

Rights

In connection with the processing of personal data, you have the following rights:

  • The right to be informed about which personal data concerning you are processed by the Administrator and to receive a copy of that data (the so-called right of access). The first copy of the data is free of charge; for subsequent copies, the Administrator may charge a fee;
  • If the processed data become outdated, incomplete, or otherwise inaccurate, you have the right to request their rectification;
  • In certain situations, you may request the Administrator to delete your personal data, for example when:
    1. the data are no longer necessary for the purposes for which the Administrator informed you;
    2. you have effectively withdrawn your consent to the processing of data—provided that the Administrator does not have the right to process the data on another legal basis;
    3. the processing is unlawful;
    4. konieczność usunięcia danych wynika z ciążącego na Administratorze obowiązku prawnego;
  • In cases where personal data are processed by the Administrator based on your given consent or for the performance of a contract concluded with you, you have the right to transfer your data to another controller;
  • If personal data are processed by the Administrator based on the consent you have given, you have the right to withdraw that consent at any time (withdrawal of consent does not affect the lawfulness of processing carried out based on the consent before its withdrawal);
  • If you believe that the personal data being processed are incorrect, unlawfully processed, or that the Administrator no longer needs certain data, you may request that, for a specified necessary period (e.g., to verify the accuracy of the data or to pursue claims), the Administrator refrains from performing any operations on the data and only stores them;
  • You have the right to object to the processing of personal data where the legal basis for processing is the legitimate interests of the Administrator. Upon a valid objection, the Administrator will cease processing personal data for the aforementioned purpose;
  • You have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the processing of personal data violates the provisions of the GDPR.

The Administrator informs that the type of data processed within the operation of the Service does not allow for the unequivocal identification of a given user due to their pseudonymized nature. In this case, pursuant to Article 11(1) of the GDPR, the Administrator is not obliged to maintain, obtain, or process additional information to identify the data subject and has the right—after prior notification to the user (if possible)—to refuse to fulfill the rights of that user arising from Articles 15–20 of the GDPR (unless the user independently provides the Administrator with information enabling their identification).

 

Cookies

  1. The Administrator informs that as part of the Service, it uses cookies installed on your end device. These are small text files that can be read by the Administrator’s system as well as by systems belonging to other entities whose services the Administrator uses.
  2. The Administrator uses cookies for the following purposes:
    1. Ensuring the proper functioning of the Service – thanks to cookies, the Service can operate efficiently and be continuously improved,
    2. Increasing the security of the service using the Service – thanks to cookies, it is possible to detect errors and suspicious activities on certain subpages and marketing actions used by the service, as well as to continuously improve them;
    3. Creating statistics – cookies are used to analyze how users interact with the service utilizing the Service. This enables continuous improvement of the Service and tailoring its operation to users’ preferences;
  3. The Administrator informs that the cookies used within the Service are essential for the operation of the website in which they are placed to ensure the security of its activity and do not require your consent for their use.
  4. The Administrator may place both persistent and temporary (session) cookies on your device. Session cookies are usually deleted when the browser is closed, whereas closing the browser does not delete persistent cookies.
  5. Information about the cookies used by the Administrator is displayed in the panel located at the bottom of the website where the Service operates. Depending on your choice, you can enable or disable cookies of specific categories (except for essential cookies) and change these settings at any time.
  6. Data collected through cookies does not allow the Administrator to identify you.
  7. Through most commonly used browsers, you can check whether cookies have been installed on your end device, as well as, in some cases, delete installed cookies and block their installation by the Service in the future. However, disabling or restricting the handling of cookies may cause significant difficulties in using the website where the Service operates.
  8. As part of the Service’s operation, the Administrator uses only “first-party cookies” consisting of a random 32-character string to identify the network traffic of individual users on the website where the Service is located.
  9. Cookies are stored by the Administrator for a period of 365 days, unless the Administrator is required by applicable law to retain them for a longer period.

Final Provisions

To the extent not regulated by the Policy, the generally applicable data protection regulations shall apply.

The Policy is effective as of July 18, 2025.