Advertising Privacy Policy

Introduction and applicability

This advertising privacy policy (also “Policy”) explains how we, Gister Private Limited (hereafter “ADBRO”, also “We”, and “Us”) and our associated companies (hereafter collectively referred to as “the Companies”) as a data controller may collect, use, disclose, transfer and store your personal data (as defined below) through our advertising services (hereafter “Services”). The main purpose of this Policy – is to ensure that you have a comprehensive understanding of the personal data processing process.

We are interested in and are committed to protecting your privacy. This Policy follows the Personal Data Protection Act of Singapore ("PDPA") and provides subsections for the local privacy laws applicable to your country of residence.

A few words about us

ADBRO is an advertising technology company providing Services to Publishers and Advertisers across the Asia Pacific region. We help Publishers - the online content creators, to monetize their content by promoting goods and services from our Advertisers. We might therefore access your personal data when you visit a website owned by a Publisher using our tracking tools.

Contact information

You may contact our Data Protection Officer with any questions about data processing, or requests, in the following manner:

• by Email: dpo@adbro.me
• by Post: 111 North Bridge Road, #24-02 Peninsula Plaza, 179098, Singapore.

Сollection of personal data

We shall seek your consent before collecting any additional personal data and before using it for a purpose that has not been notified to you (except where permitted or authorized by law). Contract clauses between ADBRO and our partners provide the necessary requirements for obtaining the user’s consent for personal data collection.
‍
You can find information that explains the rights which apply under the local privacy law applicable to you, and the way how to exercise your rights in local sections of this Policy.

Categories of personal data we collect

Through our Services, we collect a limited number of personal data categories, in the way described below.

1. IP address, a unique address that identifies a device on the internet.
2. Web browser and device Information (herein “User-agent”), such as the device type and model, manufacturer, operating system type and version (e.g. macOS or Windows), web browser type and version (e.g., Chrome, Edge or Safari), time zone and non-precise geolocation (e.g. country, region) inferred from the IP address.
3. Information about a user’s behavior on Publishers' websites, such as information about the activities or actions on a website, viewed pages, date and time of activity, and session start/end time.
4. Information about ads served, viewed, or interacted with, clicked on, such as the type of ad, where the ad was served, whether the user clicked on it, the number of times a user has seen the ad, and whether the user visited the Advertiser's website. 

Information we don’t collect

Through our Services we do not collect, process, or use such categories of personal data as

• special categories of personal data as determined by applicable law, including:
• ◦ racial or ethnic origin;
  ◦ political opinions;
  ◦ religious or philosophical beliefs;
  ◦ trade union membership;
  ◦ genetic data;
  ◦ biometric data;
  ◦ data concerning health;
  ◦ an individual's sex life or sexual orientation.
• any information relating to children, as defined by the applicable law;
• information relating to criminal convictions and offenses;
• directly identifiable information like name or surname, home or email address, phone number or any ID card number or bank account.

How we collect personal data

When you visit or use a website that uses our Services, we use and deploy tracking technologies – Cookies and/or Web Pixels, to automatically collect certain information about you. This technology doesn’t provide directly identifiable information, though some of this information (e.g. unique identifiers stored in Cookies on your device) may identify a particular device as unique and may be considered personal data by the applicable law.

We can describe the process of collection as the following: ADBRO may assign a unique identifier called a “User ID” to a web browser when you first visit a website that deploys our Services. These IDs enable us to determine within a reasonable level of confidence that a device used is the same one we previously interacted with.

Additionally, we can have access to the information from data management platforms that have previously obtained your consent. These online platforms, where ad data is shared, provide audience segments (which are groups of User IDs) separated by different characteristics (e.g. age, interests, location).

How we use personal data

In our activities we use personal data for the following purposes:

• to deliver non-personalized ads based on audience segments separated e.g. by location or content category;
• to deliver personalized ads based on your previous interactions with ADBRO ads;
• to provide Services for Publishers and Advertisers by targeting ads, measuring ad performance, providing information and reports about when and how users have been exposed to and interacted with ads;
• fraud detection and prevention to identify invalid ad impressions, clicks, installs, or ad queries, protect us and our Publishers from fraudulent behavior;
• to improve and develop new Services by researching and analyzing information to display ads more effectively while using the Services and ensure that our technologies function correctly.

Storage of personal data

ADBRO introduces a combination of administrative, physical, and technical measures to provide security of personal data.

For instance, when an IP address is stored or transferred, we use only a masked version without the last segment, which does not allow us or another third party to directly identify any person.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our security measures.

If you have reason to believe that your interaction with us is no longer secure, please immediately notify in writing or via email our Data Protection Officer about the problem at the contact details provided above.

Retention of personal data

We will retain personal data for the period only necessary to fulfill the purposes outlined in this Policy (e.g. to provide non-personalized ads or to comply with applicable legal requirements, to enforce our agreements or comply with our legal obligations) unless a longer retention period is required or permitted by law.

We may retain personal data collected through our Services (including the segment information that we receive from third parties) for up to 3 years from the last interaction with you, or the date that we received your personal data from Partners.

We will cease to retain your personal data or remove ID that can be associated with you, as soon as such retention no longer serves the purpose for which the personal data was collected, or is no longer necessary for legal or business purposes.

Anonymization of personal data we collect through our Services allows us to retain that information in an aggregated non-personalized format, indefinitely. Anonymizing means stripping the information of personally identifiable features. Aggregating means presenting the information in groups or segments e.g. age groups or regional groups. Anonymized or aggregated non-­personally identifiable information may be provided to other parties for marketing, advertising, or other uses.

Disclosure of personal data

We can disclose collected personal data to third parties (especially authorities) on a legal obligation to comply with the law, a judicial proceeding, a court order, or in scope of other legal processes.

We also may disclose your personal data if we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, and/or as evidence in the litigation process.

We take appropriate measures to ensure that any disclosures of information are done in accordance with applicable privacy laws and regulations, and with care for protecting your personal data.

Personal data that we collect through our Services may be disclosed to the following purposes to our Partners:

• Publishers. We may disclose statistics and non-personalized information collected through our Services to Publishers to allow them to analyze the effectiveness and performance of our Services and to offer targeted ad inventory.
• Advertisers. We may disclose statistics and non-personalized information collected through our Services to analyze the effectiveness and performance of their advertising campaigns via our Services and to provide more personalized content.
• Ad exchanges. We may disclose collected personal data to a virtual marketplace of digital marketing, where digital ad space on Publishers websites can be bought by Advertisers to provide ads to the users.
• Service providers. We may disclose your personal data to trusted third-party service providers working under the instruction of ADBRO, such as hosting providers or data centers, exclusively for storage purposes. These service providers have agreed to use personal data we share with them solely to provide the contracted services to us.

 You can find the list of our Partners here.

Data transfer

In connection with the Services, your personal data may be processed by ADBRO and the Companies, its service providers and Partners, and transferred to countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country of residence and may not provide the same level of protection as your jurisdiction. Regardless of where your data is located, ADBRO shall process your personal information in accordance with this Policy.

We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made, and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

Your data protection rights

You may request access to the personal data we store about you or request us to correct, update or delete your information, or that we restrict the processing of such information.

To protect your privacy and maintain security, we may take steps to verify your identity before providing you an access to the information. Depending on your location, you may have the right to complain to an authority if you are not satisfied with our response.

Where provided by applicable law, you may withdraw any consent you previously provided to us or object at any time to the processing of your personal data for direct marketing purposes or on legitimate basis to any other processing of your personal information, and we will apply your preferences. This will not affect the lawfulness of our use of your personal data based on your consent before its withdrawal.

How to withdraw your consent

The consent that you provide for the collection, use, and disclosure of your personal data will remain valid until such time it is withdrawn by you. You may withdraw consent and request us to stop collecting, using, and/or disclosing your data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided above.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within 30 days of receiving it.

If you should decide to cancel your withdrawal of consent, please inform us in writing manner or via email to our Data Protection Officer.

Please note that withdrawing consent does not affect our right to continue to collect, use, and disclose personal data where such collection, use, and disclosure without consent is permitted or required under applicable laws.

Access to and correction of personal data

If you wish to make an access request:

• for access to a copy of the personal data:
• how we use or disclose your personal data;
• to correct or update any of your personal data we retain,

you may submit your request in writing or via email to our Data Protection Officer at the contact details provided above.

We will respond to your request as soon as reasonably possible. In general, our response will be within 30 days. Should we not be able to respond to your request within 30 days after receiving your request, we will inform you in writing of the time we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

Opt-in and Opt-out notice

We offer you the ability to opt-in for demonstration personal ads concerning goods and services provided by our Partners by permitting a special form on the Publishers' websites or opt-out of receiving personal ads by an opt-out form on our website.

After you withdraw your consent to receive personalized ads, we will take the following steps to protect your privacy:

• demonstration of personalized ads on the web browser will be stopped;
• we will recognize the web browser and delete ID that links to the information from your web browser.

If you wish to extend your choice to other web browsers or other devices used by you, please repeat the operation from each of them. However, you must be aware that withdrawing your consent from ADBRO does not prevent receiving personalized ads demonstrated by other services.

Please note, that after withdrawal of consent to receive personalized ads, you will continue to see ads on our Publisher’s websites, but it will not be personalized.

Changes of Policy

We may revise this Policy from time to time to ensure the accuracy of the information or to improve the new design. You may determine if any such revision has taken place by referring to the date on which this Policy was last updated.

Also, we can make some minor changes that do not impact the personal data processing process or the way to exercise your rights. These changes are aimed at improving the design and style of Policy.

In case of significant changes caused by:

• changes in the way we process your data;
• changes in applicable law and regulation;
• changes in the ways you can exercise your rights;
• implementation of new services; 

We will notify you without any delay or no later than 7 days after publication of the new version of the Policy, by demonstrating the pop-up form on our website.

Privacy Notice for the European Economic Area (“EEA”) Residents

Legal basis for processing personal data

If you are located in the EEA, our legal basis for collecting and using the personal data described in sections of this Policy above will depend on the specific context in which we collect or use it. Furthermore, you can find information about information we don’t collect in this subsection of the Policy.

For the purpose “to deliver personalized ads” which is described above, or to set up our Cookies consent is the basis for the processing of your personal data.

In some circumstances, as a data controller we may rely on our legitimate interest to collect and use your personal data, except where such interests don’t exceed your data protection interests or fundamental rights and freedoms. For example, we may use any of the personal data described in this Policy for the purpose of detecting and preventing fraud, security, or technical issues, as well as to protect against harm to our rights, property, or safety. Also, we rely on the legitimate interest to deliver non-personalized ads, use your personal data to improve and develop new Services, or build up performance analytics and measure the effectiveness of ads. This is necessary for us to pursue our and our Partners’ legitimate interests.

How we receive your consent

Your consent can be given on the Publisher’s website. Mutual agreements with our Partners provide for the obligation to obtain an agreement from the user when transferring personal data to us and to implement secure measures for ensuring data security.

Automated individual decision-making, including profiling

Our Services use special algorithms that help us to demonstrate ads relevant to your interests. When we use personal data for the purpose of “to deliver personalized ads” as described above, it may lead to profiling since we use audience segments based on previous interactions with ADBRO ads. You must be aware that we do not use automated processing as it is referred to in Article 22(1) and (4) of the GDPR to make decisions which have any legal effect or similarly significant effect on you.

Transfer of personal data outside the EEA

We will protect your personal data when it is transferred outside of your jurisdiction by processing it in compliance with the General Data Protection Regulation (“GDPR”).

To protect your rights:

• we ensure that the data recipient takes place from an adequacy decision under Article 45 of the GDPR;
• we rely on the measures authorized by the European Union, such as signing the Standard Contractual Clauses, or verifying that the recipient has adopted Binding Corporate Rules, which contractually obligates each member to ensure that personal data receives an adequate and consistent level of protection under the Article 46 of the GDPR.

Individual data protection rights

1. The right to withdraw consent. You can withdraw your consent to the data processing as it is explained in the article “How to withdraw your consent” of this Policy above. After withdrawal, all personal data related to you, which is processed under the consent as a legal basis, such as ID, will be deleted or anonymized.
2. The right of access. You have the right to make a request about information that we process and ask to give you a copy of your personal information that we collect and process.
3. The right to erasure (“right to be forgotten”). All directly identifiable elements will be erased under your request.
4. The right to rectification. The right to ask us to rectify information you think is inaccurate.
5. The right to data portability. You have the right to make a request to transfer data that we collect to another organization.
6. The right to object. The right to object to the process of personal data, which is based on legitimate interest.
7. The right to complain to a supervisory authority. You have the right to apply to the authorized body under Article 77 of the GDPR if you suspect data processing breaches of the regulation.

Also, you have the right to be notified in cases of data breaches. We have put in place procedures to deal with any suspected data breach and will notify you and any applicable authority where we are legally required to do so.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, or if you wish to exercise any of the above-mentioned rights, please contact in writing or via email to our Data Protection Officer at the contact details provided above. To protect your privacy and maintain security, we may take steps to verify your identity before providing you access to the information.

Effective date: 04/04/2024
Last updated: 04/04/2024

Business Partners

Ad exchanges

We can disclose personal data with ad exchanges, where Advertisers can buy ad places on our Publishers websites to provide ads to the users.

Service providers

We use third-party data centers for the cloud storage of personal data.