Privacy and cookie policy

 

  1. General Provisions
  • This Privacy Policy sets out how, through the ABTShield service, we collect, share and use any information that, when used alone or in combination with other information, may relate to you, and sets out the rights you have with respect to the Personal Data we process about you and describes how you can exercise those rights.
  • Rest assured that we take our privacy obligations very seriously, so we have developed this Privacy Policy describing binding standards to protect your Personal Data.
  • As a data controller, we are responsible for ensuring that the processing of personal data complies with applicable data protection laws, in particular the GDPR. This Privacy Policy describes the high standards we use to protect your personal data with the utmost care.
  • We participate in the IAB Europe Transparency and Consent Framework and adhere to the resulting guidelines and principles. We acknowledge the principles adopted by IAB Europe in the IAB Europe Transparency & Consent Framework, which aims to create a standard for the processing of personal data and standardize the principles of processing to better protect it.
  • We have appointed a Data Protection Officer who can be contacted via email at: dpo@edgenpd.com for all matters related to the processing of Personal Data.
  • Respecting your privacy is one of our values. Please read this Privacy Policy carefully. If you have any questions, please contact us by email at: dpo@edgenpd.com or by mail at ul. Czeska 22a, 03-902 Warszawa.

 

  1. Definitions

ABTShield: an automated security service for analyzing online traffic, designed to detect and protect against bots and sophisticated invalid traffic (“SIVT”). The service aims to mitigate the risks associated with SIVT which include, among others: generating financial losses by generating unwanted costs, embezzling money from advertisers’ budgets and ad fraud, data theft, false identity fraud, fake transactions, money laundering, artificially boosting and positioning disinformation content, organizing automated trolling, deceiving Users by automatically creating fake posts and reviews, and other harmful activities.

Controller: EDGE NPD Sp. z o. o. with its registered office in Warsaw, 22A Czeska street, 03-902 Warsaw, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register, under KRS No.: 0000441520, NIP No.: 9522122126, REGON 146413766 (also referred to as “we”).

Cookies: small text files installed on the device of the User browsing the website where ABTShield is installed. Cookies usually contain the domain name of the website from which they originate, the time for which they are stored on the end device and a unique number.

Device characteristics: the technical parameters of the device you are using that are not unique to you, such as language, time zone or operating system.

Device identifiers: a device identifier is a unique string of characters assigned to a user’s device or browser via a cookie or other storage technologies.

GDPR: Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Personal data: any and all the information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific physical, physiological, genetic, mental, economic, cultural or social factors of that natural person.

User: a natural or legal person or an unincorporated organizational unit visiting the website where ABTShield operates or using the services of the website or application where ABTShield operates.

 

  1. ABTShield Service Description
  • ABTShield is an automated online traffic security service that aims to detect sophisticated invalid traffic (SIVT) and separate it from traffic generated by real users. All the data collected by the service is obtained and processed solely for the purpose of preventing SIVT.
  • In accordance with the IAB Europe Transparency & Consent Framework, we process your data for the following purposes:
  • Measuring ad effectiveness: the information we process allows us to determine to how many unique Users or in how many devices the ad was displayed to measure the characteristics of the device on which the ad was displayed (non-specific location, device type),
  • Understanding recipients using statistics or a combination of data from different sources: by using identifiers generated by receiving and using automatically sent device features; and using market research to generate information about audiences by combining different devices,
  • Performing analyses to detect SVIT in conjunction with a specific source of online traffic (device). The result of the analysis is a report that estimates the probability of SVIT-type threats,
  • Developing and improving products: understanding how to reduce the negative impact of SVIT malicious sources on specific services, applications, URLs that are monitored by the Controller,
  • Supporting decision-making mechanisms related to the approval or exclusion of products with regard to safety and negative effects of SVIT,
  • For analytical and statistical purposes,
  • For possible investigations related to the occurrence of security incidents.
  • In accordance with the IAB Europe Transparency & Consent Framework, we collect the data listed below:
  • Cookie ID – we use cookies collected through the websites of publishers and suppliers or received from partners working with us,
  • Other identifiers or online technologies, such as data from the TCP/IP, TLS, HTTP protocol layers, as long as they it meets the requirements of data security and pseudonymization, which means that we protect it in the same way as all other personal data,
  • IP address, URL address, device type, and other data describing the device/application characteristics (e.g. browser version, language version, device time zone),
  • frequency and timing of device interactions combined with the corresponding monitored service, if available (e.g. URL address, app, ad display technology, campaign UTM, referrals).
  • The purposes listed in (2) above are processing for security, fraud prevention and detection, and error correction. We kindly inform you that your data may be used for monitoring and preventing unusual and potentially fraudulent activities (for example, with regard to ads and clicks by bots) and to ensure the proper and secure operation of systems and processes. We identify devices based on information sent automatically. Your device may be distinguished from other devices based on the information it automatically sends when you access the Internet (for example, the IP address of your Internet connection or the type of browser you use) for the purposes indicated above – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR).

 

  1. Period of personal data processing.

The Controller processes the data only for the period necessary to fulfill the purposes of processing indicated in the Policy, but no longer than 365 days. The period of data processing may be extended if processing is necessary for the purposes of investigating or defending against possible claims, or at the request of competent public authorities, and after the expiry of this period – only in the case and to the extent required by law. After expiry of the processing period, the data is irreversibly deleted.

  1. User Rights
  • Personal data is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: GDPR) and other applicable regulations.
  • We use appropriate technical and organizational measures to protect your personal data that we collect and process. The measures we apply are designed to ensure a level of security appropriate to the risks associated with the processing of your Personal Data. Directly or indirectly through our service providers, we use the following security measures: securing system access, preventing, detecting and acting against physical threats (such as fire), backup systems, network security, access protection, authorized personnel list and authentication system.
  • We respect the rights of each User in the processing of their personal data. In particular, each person whose data is processed has the following rights:
  • the right to obtain information about the processing of their Personal Data,
  • the right to access the content of their Personal Data and request their supplementation or rectification,
  • the right to delete their Data (“the right to be forgotten”),
  • the right to restrict the processing of their Data,
  • the right to transfer their data,
  • the right to object to the processing of their Data for the legitimate purposes of the Controller,
  • the right to file a complaint with a supervisory authority responsible for personal data protection.
  • We stipulate that if the User cannot be uniquely identified (for example due to the extent of the data provided by you), we may refuse to take action at the request of the User to whom the data relates by notifying the User, unless the User provides additional information that allows them to be identified.

 

  1. Data Recipients

The Controller provides services to website owners, publishers, e-commerce stores, web application owners, advertisers, entities specializing in handling online advertising, and all entities interested in monitoring the quality of web traffic and avoiding SVIT risks.

 

The Controller provides its clients with information that allows them to distinguish and segment sources that generate valid traffic versus advanced invalid traffic (SVIT). The Controller provides its clients with a report indicating the level of trust in a given connection source (device). In order to fulfill its mission to ensure proper traffic, the Controller synchronizes and matches the collected data with data held by the supported publishers, application owners, broadcast platforms and their components (such as DMP, DSP, SSP) and other entities to which the Controller provides services. The Controller creates automated statistical/summary reports that allow its clients to monitor the quality of Internet traffic, as well as respond to situations involving potential threats from SVIT.

 

  1. Transferring data outside the European Economic Area.

Your data is not transferred by us outside the European Economic Area.

 

  1. Cookies.
  • Kindly be advised that most web browsers automatically accept cookies, but you can edit your browser options to block them in the future. However, disabling cookies may limit access to a large number of websites.
  • There is no single standard way to delete cookies, as different browsers allow to delete cookies using different procedures. Most web browsers and advertising technologies offer a way to manage how data is used. Below are links to help you set your preferences.
  • Mozilla Firefox:

https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox

  • Google Chrome: https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform%3DDesktop
  • Microsoft Edge:

https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d

  • Apple Safari:

https://support.apple.com/pl-pl/guide/safari/sfri11471/mac

  • Opera:

https://blogs.opera.com/tips-and-tricks/2023/04/clean-browser-and-remove-trackers/

  • Please be advised that your consent is not required for cookies that are necessary for authentication, security and to provide access to services provided through the website or application, as this type of information is collected on the basis of the Controller’s legitimate interest. Accordingly, the absence of the User’s consent to the collection of the Cookies described in the preceding sentence or the withdrawal of previously granted consent by the User has no effect with respect to these Cookies.
  • Cookies used by the Controller are not used to collect information that constitutes Personal Information, although some of this information may be considered Personal Information.
  • The ABTShield website uses only “first-party cookies” as a string of random 32 characters to identify the web traffic of individual Users of the website or application on which ABTShield is hosted.
  • The cookies referred to above are stored by the Controller for a period of 365 days.

 

  1. Final Provisions

This document may also be sent to you in electronic form, free of charge, to the email address you have indicated, upon your request sent by email to dpo@edgenpd.com.