Advertising Privacy Policy

Introduction and applicability

This advertising privacy policy (also “Policy”) explains how we, Gister Private Limited (hereafter “ADBRO”, also “We”, and “Us”) and our associated companies (hereafter collectively referred to as “the Companies”) as a data controller may collect, use, disclose, transfer and store your personal data (as defined below) through our advertising services (hereafter “Services”). The main purpose of this Policy – is to ensure that you have a comprehensive understanding of the personal data processing process.

We are interested in and are committed to protecting your privacy. This Policy follows the Personal Data Protection Act of Singapore ("PDPA") and provides subsections for the local privacy laws applicable to your country of residence.

A few words about us

ADBRO is an advertising technology company providing Services to Publishers and Advertisers across the Asia Pacific region. We help Publishers - the online content creators, to monetize their content by promoting goods and services from our Advertisers. We might therefore access your personal data when you visit a website owned by a Publisher using our tracking tools.

Contact information

You may contact our Data Protection Officer with any questions about data processing, or requests, in the following manner:

Сollection of personal data

We shall seek your consent before collecting any additional personal data and before using it for a purpose that has not been notified to you (except where permitted or authorized by law). Contract clauses between ADBRO and our partners provide the necessary requirements for obtaining the user’s consent for personal data collection.

You can find information that explains the rights which apply under the local privacy law applicable to you, and the way how to exercise your rights in local sections of this Policy.

Categories of personal data we collect

Through our Services, we collect a limited number of personal data categories, in the way described below.

  1. IP address, a unique address that identifies a device on the internet.
  2. Web browser and device Information (herein “User-agent”), such as the device type and model, manufacturer, operating system type and version (e.g. macOS or Windows), web browser type and version (e.g., Chrome, Edge or Safari), time zone and non-precise geolocation (e.g. country, region) inferred from the IP address.
  3. Information about a user’s behavior on Publishers' websites, such as information about the activities or actions on a website, viewed pages, date and time of activity, and session start/end time.
  4. Information about ads served, viewed, or interacted with, clicked on, such as the type of ad, where the ad was served, whether the user clicked on it, the number of times a user has seen the ad, and whether the user visited the Advertiser's website. 

Information we don’t collect

Through our Services we do not collect, process, or use such categories of personal data as

How we collect personal data

When you visit or use a website that uses our Services, we use and deploy tracking technologies – Cookies and/or Web Pixels, to automatically collect certain information about you. This technology doesn’t provide directly identifiable information, though some of this information (e.g. unique identifiers stored in Cookies on your device) may identify a particular device as unique and may be considered personal data by the applicable law.

We can describe the process of collection as the following: ADBRO may assign a unique identifier called a “User ID” to a web browser when you first visit a website that deploys our Services. These IDs enable us to determine within a reasonable level of confidence that a device used is the same one we previously interacted with.

Additionally, we can have access to the information from data management platforms that have previously obtained your consent. These online platforms, where ad data is shared, provide audience segments (which are groups of User IDs) separated by different characteristics (e.g. age, interests, location).

How we use personal data

In our activities we use personal data for the following purposes:

Storage of personal data

ADBRO introduces a combination of administrative, physical, and technical measures to provide security of personal data.

For instance, when an IP address is stored or transferred, we use only a masked version without the last segment, which does not allow us or another third party to directly identify any person.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our security measures.

If you have reason to believe that your interaction with us is no longer secure, please immediately notify in writing or via email our Data Protection Officer about the problem at the contact details provided above.

Retention of personal data

We will retain personal data for the period only necessary to fulfill the purposes outlined in this Policy (e.g. to provide non-personalized ads or to comply with applicable legal requirements, to enforce our agreements or comply with our legal obligations) unless a longer retention period is required or permitted by law.

We may retain personal data collected through our Services (including the segment information that we receive from third parties) for up to 3 years from the last interaction with you, or the date that we received your personal data from Partners.

We will cease to retain your personal data or remove ID that can be associated with you, as soon as such retention no longer serves the purpose for which the personal data was collected, or is no longer necessary for legal or business purposes.

Anonymization of personal data we collect through our Services allows us to retain that information in an aggregated non-personalized format, indefinitely. Anonymizing means stripping the information of personally identifiable features. Aggregating means presenting the information in groups or segments e.g. age groups or regional groups. Anonymized or aggregated non-­personally identifiable information may be provided to other parties for marketing, advertising, or other uses.

Disclosure of personal data

We can disclose collected personal data to third parties (especially authorities) on a legal obligation to comply with the law, a judicial proceeding, a court order, or in scope of other legal processes.

We also may disclose your personal data if we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, and/or as evidence in the litigation process.

We take appropriate measures to ensure that any disclosures of information are done in accordance with applicable privacy laws and regulations, and with care for protecting your personal data.

Personal data that we collect through our Services may be disclosed to the following purposes to our Partners:

 You can find the list of our Partners here.

Data transfer

In connection with the Services, your personal data may be processed by ADBRO and the Companies, its service providers and Partners, and transferred to countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country of residence and may not provide the same level of protection as your jurisdiction. Regardless of where your data is located, ADBRO shall process your personal information in accordance with this Policy.

We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made, and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

Your data protection rights

You may request access to the personal data we store about you or request us to correct, update or delete your information, or that we restrict the processing of such information.

To protect your privacy and maintain security, we may take steps to verify your identity before providing you an access to the information. Depending on your location, you may have the right to complain to an authority if you are not satisfied with our response.

Where provided by applicable law, you may withdraw any consent you previously provided to us or object at any time to the processing of your personal data for direct marketing purposes or on legitimate basis to any other processing of your personal information, and we will apply your preferences. This will not affect the lawfulness of our use of your personal data based on your consent before its withdrawal.

How to withdraw your consent

The consent that you provide for the collection, use, and disclosure of your personal data will remain valid until such time it is withdrawn by you. You may withdraw consent and request us to stop collecting, using, and/or disclosing your data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided above.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within 30 days of receiving it.

If you should decide to cancel your withdrawal of consent, please inform us in writing manner or via email to our Data Protection Officer.

Please note that withdrawing consent does not affect our right to continue to collect, use, and disclose personal data where such collection, use, and disclosure without consent is permitted or required under applicable laws.

Access to and correction of personal data

If you wish to make an access request:

you may submit your request in writing or via email to our Data Protection Officer at the contact details provided above.

We will respond to your request as soon as reasonably possible. In general, our response will be within 30 days. Should we not be able to respond to your request within 30 days after receiving your request, we will inform you in writing of the time we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

Opt-in and Opt-out notice

We offer you the ability to opt-in for demonstration personal ads concerning goods and services provided by our Partners by permitting a special form on the Publishers' websites or opt-out of receiving personal ads by an opt-out form on our website.

After you withdraw your consent to receive personalized ads, we will take the following steps to protect your privacy:

If you wish to extend your choice to other web browsers or other devices used by you, please repeat the operation from each of them. However, you must be aware that withdrawing your consent from ADBRO does not prevent receiving personalized ads demonstrated by other services.

Please note, that after withdrawal of consent to receive personalized ads, you will continue to see ads on our Publisher’s websites, but it will not be personalized.

Changes of Policy

We may revise this Policy from time to time to ensure the accuracy of the information or to improve the new design. You may determine if any such revision has taken place by referring to the date on which this Policy was last updated.

Also, we can make some minor changes that do not impact the personal data processing process or the way to exercise your rights. These changes are aimed at improving the design and style of Policy.

In case of significant changes caused by:

We will notify you without any delay or no later than 7 days after publication of the new version of the Policy, by demonstrating the pop-up form on our website.

Privacy Notice for the European Economic Area (“EEA”) Residents

Legal basis for processing personal data

If you are located in the EEA, our legal basis for collecting and using the personal data described in sections of this Policy above will depend on the specific context in which we collect or use it. Furthermore, you can find information about information we don’t collect in this subsection of the Policy.

For the purpose “to deliver personalized ads” which is described above, or to set up our Cookies consent is the basis for the processing of your personal data.

In some circumstances, as a data controller we may rely on our legitimate interest to collect and use your personal data, except where such interests don’t exceed your data protection interests or fundamental rights and freedoms. For example, we may use any of the personal data described in this Policy for the purpose of detecting and preventing fraud, security, or technical issues, as well as to protect against harm to our rights, property, or safety. Also, we rely on the legitimate interest to deliver non-personalized ads, use your personal data to improve and develop new Services, or build up performance analytics and measure the effectiveness of ads. This is necessary for us to pursue our and our Partners’ legitimate interests.

How we receive your consent

Your consent can be given on the Publisher’s website. Mutual agreements with our Partners provide for the obligation to obtain an agreement from the user when transferring personal data to us and to implement secure measures for ensuring data security.

ADBRO participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. ADBRO’s identification number within the framework is 1316.

Automated individual decision-making, including profiling

Our Services use special algorithms that help us to demonstrate ads relevant to your interests. When we use personal data for the purpose of “to deliver personalized ads” as described above, it may lead to profiling since we use audience segments based on previous interactions with ADBRO ads. You must be aware that we do not use automated processing as it is referred to in Article 22(1) and (4) of the GDPR to make decisions which have any legal effect or similarly significant effect on you.

Transfer of personal data outside the EEA

We will protect your personal data when it is transferred outside of your jurisdiction by processing it in compliance with the General Data Protection Regulation (“GDPR”).

To protect your rights:

Individual data protection rights

  1. The right to withdraw consent. You can withdraw your consent to the data processing as it is explained in the article “How to withdraw your consent” of this Policy above. After withdrawal, all personal data related to you, which is processed under the consent as a legal basis, such as ID, will be deleted or anonymized.
  2. The right of access. You have the right to make a request about information that we process and ask to give you a copy of your personal information that we collect and process.
  3. The right to erasure (“right to be forgotten”). All directly identifiable elements will be erased under your request.
  4. The right to rectification. The right to ask us to rectify information you think is inaccurate.
  5. The right to data portability. You have the right to make a request to transfer data that we collect to another organization.
  6. The right to object. The right to object to the process of personal data, which is based on legitimate interest.
  7. The right to complain to a supervisory authority. You have the right to apply to the authorized body under Article 77 of the GDPR if you suspect data processing breaches of the regulation.

Also, you have the right to be notified in cases of data breaches. We have put in place procedures to deal with any suspected data breach and will notify you and any applicable authority where we are legally required to do so.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, or if you wish to exercise any of the above-mentioned rights, please contact in writing or via email to our Data Protection Officer at the contact details provided above. To protect your privacy and maintain security, we may take steps to verify your identity before providing you access to the information.

According to Article 27 of the GDPR we designate the representative in the EU. If you have any questions about this policy, our data practices or the way in which you can exercise your rights, you may contact our representative. Please, visit this subsection of the Policy to find contacts of our representative in the European Union.  

Effective date: 15/07/2024
Last updated: 15/07/2024

Business Partners

Ad exchanges

We can disclose personal data with ad exchanges, where Advertisers can buy ad places on our Publishers websites to provide ads to the users.

Partner

Link to the Privacy Policy

Magnite DV+

Service providers

We use third-party data centers for the cloud storage of personal data.

Partner

Location

Link to the Privacy Policy

Microsoft Azure

Singapore

Linode (Akamai)

Singapore

DigitalOcean

Singapore

Vultr

Singapore

OVHcloud

Singapore

Hertzner

Germany

Our representatives

We designate the representatives in the countries we operate to answer any questions you may have about your rights and to serve as a point of contact for the authorities in accordance with the law.

You may contact our representative with any questions about data processing, or requests, in the following manner by post:

European Economic Area

Definitif Netherlands
Parkstraat 83
2514 JG Den Haag
The Netherlands.

Kingdom of Thailand

ADBRO Co., LTD.
199/153 Choet Wutthakat 9
Choet Wutthakat Road,
Donmueang,
Bangkok, 10210,
Kingdom of Thailand.