Effective: Dec 15, 2019
Effective: Dec 15, 2019
We will use the information that we collect about you in accordance with the EU General Data Protection Regulation (Regulation EU 2016/679), (further — “GDPR”) which becomes effective from 25 May 2018.
1. About COMPASS’s services
COMPASS («COMPASS» or «Platform») is the platform that allows our Clients to buy or sell ad space on websites for online advertising. Our clients are businesses engaged in Internet advertising — advertisers, publishers, ad networks or ad agencies. Our clients buy and sell media by participating in online exchanges for ad space. Our technology powers this platform. When ad space on a website is bought or sold, usually to an advertiser, ad agency or ad network by a publisher, COMPASS, as an agent for its clients, fulfils the transaction by delivering the ad to the Internet user who visits that site. When you visit a website operated by an Advertiser or a third-party website where we could serve an ad to you, we may collect some or all of the Personal data described in the COMPASS Privacy Notice. Our Platform uses that data as well as other data described below to help Advertisers provide ads to you that are more relevant to your preferences. For example, if you visit an Advertiser's website and shop for a mobile device, our Platform (or another platform we work with) may later serve you with targeted ads for the Advertiser’s brand of gadget as you browse the internet or through other channels, such as mobile apps.
2. What is personal data?
Personal data means information relating to a living individual who can be directly or indirectly identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
4. What is the purpose of this Policy?
Privacy and security of your Personal information are important to us. When you use the Platform or visit its website, COMPASS processes your non-PII information and ensures its protection in strict compliance with applicable laws and regulations. As part of our commitment to protecting your information, we use this Policy to transparently inform you about the following:
(a) why and how your Personal information is used (also, «processed») by COMPASS when you access the Platform;
(b) COMPASS’s role and responsibilities in this context as the legal entity deciding why and how your Personal information is processed;
(c) what instruments you may use to limit the amount of Personal information collected by COMPASS; and
(d) what your rights are in relation to the above processing.
5. Who processes your personal information?
To provide you with access to the Platform, your Personal information is collected and used by COMPASS AG, a company incorporated under the law of Switzerland, with a head office registered at 16 Dammstrasse, Zug 6300, Switzerland (COMPASS AG).
6. What is the legal basis for processing your Personal information and the purposes of it?
COMPASS is not allowed to process your Personal information if it does not have a valid legal ground. COMPASS will therefore only process your Personal information if:
the processing is necessary to perform our contractual obligations towards you including providing you with Website;
the processing is necessary to comply with our legal or regulatory obligations; or
in case it is provided by applicable law, the processing is necessary for the legitimate interests of COMPASS and does not unduly affect your interests or fundamental rights and freedoms. Please note that when we process your Personal information on this basis, we will always seek to maintain a balance between our legitimate interest and the protection of your privacy.
Examples of such ‘legitimate interests’ referred in (iii) immediately above are:
(a) to better understand how you interact with our website and services offered;
(b) to enhance, maintaining accessibility, modify, personalize or otherwise improve the site and services for the benefit of all users; and
(c) to offer you other products and services from COMPASS or other companies which we think can be of interest to you (i.e. personally-targeted advertising).
for specific purposes we may ask your consent for processing of your Personal information. COMPASS always processes your Personal information for a specific purpose and only processes Personal information which is relevant to achieve that purpose. In particular, we process your Personal information for the following purposes:
to provide you with the Platform (i.e. considering your preferences and other Personal information about you available to COMPASS);
to provide you with access to your user account;
to contact you to notify and/or inform you or request information from you in relation to the Website or services, or to execute our agreements with you or process your request or application;
to provide advertisements and/or commercial offers based on your preferences and other Personal information available to COMPASS;
to improve user experience, including offering more personalized user experience on the Website and services provided, as well as improving other COMPASS products, applications and services;
to develop new products, applications and services;
to protect your rights and the rights of COMPASS; and
to collect, process and present statistical data or big data, or perform other research and/or analysis of Personal information.
To process transactions in case of “prepaid service” issue (Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased of the service).
To send periodic emails (The email address you provide for account processing, may be used to send you information and updates pertaining to your account, in addition to receiving occasional company news, service updates, related service information, etc).
In situations where we are obligated by law, we may also disclose information in order to investigate, prevent or take action regarding suspected or actual prohibited activities, included but not limited to, fraud and situations involving potential threats to the physical safety of any person.
7. What Personal information do we collect?
We don't collect Personally Identifiable Information via the platform. We collect Non-Personally Identifiable Information ('Non-PII') via the COMPASS platform. Non-PII is information that can't be used by COMPASS to uniquely identify you.
Personal non-PII information collected by COMPASS when you access, interact with or operate the Website may include:
electronic data (http headers, IP address (for the purposes of geo-targeting only), cookies, web beacons/pixel tags, browser and operational system information, information about your hardware and software);
date and time of accessing the Platform;
information related to your activity when using the Platform and visiting Website (e.g. user flow, exit websites, etc);
general (geo)location information (no hyperlocal geo-targeting is done, in particular with mobile ads via GPS), and
information about you that we may receive from our Partner in accordance with an agreement you made with this Partner and an agreement between COMPASS and this Partner.
We do not actively collect any sensitive personal data (such as racial origins, political opinions, health or biometric data). We do not perform any form of profiling which has the potential to significantly impact your rights and freedoms.
We neither read packets of information from the HTTP requests (packet-sniffing) nor perform impression-level page-scraping, strictly limiting the process to ad serving activities and purposes only.
We do not collect any impression-level data through the ad that will be used for subsequent ad targeting.
8. How does COMPASS protect your Personal information?
In most cases, Personal information is processed automatically without access to it by our staff. However, if such access is necessary, your Personal information can be accessed only by those COMPASS employees whose professional tasks require using this information. To protect your Personal information and ensure its confidentiality, these employees must comply with internal rules and follow protocols for processing Personal information. They are also required to follow all technical and organizational security measures protecting your Personal information.
COMPASS has also implemented adequate technical and organizational measures to protect Personal information against unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing. These security measures have been implemented taking into account the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of Personal information.
Prior to binding agreements with any publisher or data provider that shares targeting data with COMPASS, we are committed to ensure that those agreements include opt-out for any users that do not want to be uniquely tracked/targeted with advertisers.
No method of transmission over the mobile web or method of electronic storage is 100% secure; therefore, while COMPASS strives to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
9. Who else has access to your Personal information and who is it shared with?
9.1. Within COMPASS
COMPASS may transfer your Personal information to our employees. COMPASS may also transfer your Personal information to its affiliates. In all cases, Personal information will continue to be processed only for the purposes set out in Section 6 hereof.
We only store information in case of necessity. Typically, we delete all the information quarterly based on the analysis of the traffic and inventory quality control. Some information such as cookies may expire in accordance with your device settings. We do not need such information and we usually delete it unless it is necessary for performing our services to the client.
Please be aware that certain laws and regulations may subject us to store user information for a particular period: money laundering laws, financial reporting regulations, tax laws etc. Furthermore, we may have to comply with the decision of the court of appropriate jurisdiction and maintain information for the longer period.
9.2. Outside COMPASS
COMPASS may also transfer Personal information to third parties outside the Company to complete the purposes listed in Section 6 above. Such third parties may include:
Partners, such as media publishers, advertising networks and other partners providing COMPASS with services related to the placement and display of advertisement on the websites, programs, products and/or services owned or operated by such Partners;
Advertisers or other Partners serving targeted advertisement on the COMPASS Platform; and third parties who process Personal information, such as our (IT) systems providers and/or consultants.
COMPASS may also transfer Personal information to the following third parties outside the Company:
any third party to whom we assign or novate any of our rights or obligations under a relevant agreement;
any national or international regulatory, enforcement, exchange body, central or local government department and other statutory or public bodies or court where we are required to do so by applicable law or regulation at their request;
third parties if you expressed your consent to such transfer or transfer of your Personal information is required for your use of the COMPASS Platform or performance of a particular agreement or contract with you;
any third party to ensure legal protection for COMPASS and/or the third parties if you violate the User Agreement of the COMPASS Platform, this Policy or if there is a threat of such violation.
other service providers like SSP, DSP, and DMP services which are based on specific platforms that actively communicate with other platforms, including but not limited to other SSP, DSP, and DMP platforms. Additionally, we use services of various third parties in order to analyze data, prevent fraud, host data, maintain, and support our client’s platforms, and for such other and further related services that are necessary to provide our services.
10.When do we collect information?
10.1. User communication
When you indicate your name and email address in the contact form on the Website or when you reach to us via email, telephone, post, live chat or contact forms we may retain your personal details and those communications in order to process your inquiries, advertise you our services, provide you personal access to the Platform and improve it.
10.2. Information collected through technology
Learn more about how this tool works at https://support.google.com/analytics/answer/1012034?hl=en&ref_topic=6157800
For more detailed information regarding cookie handling please follow to the Section 13 hereof.
11.Where is your Personal information stored and processed?
The data collected and processed by COMPASS is processed within the European Union.
COMPASS stores Personal information in the EEA, the Russian Federation, the US and the Republic of Korea.
For users in the United States, Russia and Korea, COMPASS records, systematizes, accumulates, stores, clarification (updates, changes), extracts Personal information of the citizens using databases located on the territory of the aforementioned countries.
For the users being citizens of the EEA countries or Switzerland COMPASS stores their data on the servers located on the territory of jurisdictions providing an adequate level of personal data protection.
Korea, Russia and US are jurisdictions outside the European Economic Area, and these have not been recognized by the European Commission as providing an adequate level of personal data protection.
For the rest of users’ data we store Personal information on the servers situated in the optimal location which gives lowest latency during data exchange with server.
Therefore, COMPASS has taken appropriate measures to ensure that Personal information is handled according to applicable EU data protection rules.
12.Do we transfer your data?
13.For how long do we store your Personal information?
COMPASS will only keep your Personal information for as long as it is necessary to fulfil the purpose for which it was collected or to comply with legal and regulatory requirements, but no longer than 18 months. Unless otherwise legally required or agreed, the emails and documents, which are stored by you on our systems as part of the Service, will remain stored as long as you have an account with us, but you can delete them at any time. If you wish to have any Personal information removed from our databases, you can have it removed via your COMPASS account or by contacting COMPASS support service (hello@ compassaffiliates.com)
14.1. What are cookies and what does COMPASS use them for?
Cookies are small text files placed on the device you use to access our website. They contain information that is collected from your device and sent back to the Platform on each subsequent visit so as to remember your actions and preferences over time.
The following types of cookies are used on the website:
Technical cookies: these cookies are required to provide you with the services and may, among other, allow COMPASS to identify your hardware and software, including your browser and operational system type;
Statistical / Analytic cookies: these cookies enable us to recognize users, count the number of users and collect information such as your actions across the Platform, including the web pages you visit and the content you retrieve. No Flash cookies are collected but HTTP only;
Performance cookies: these cookies collect information about how users interact with our website, enabling us to identify errors and test new functionalities to improve the performance of the website;
Functionality cookies: these cookies enable us to provide specific functionalities in order to improve your experience on the Sites, for example by storing your preferences (e.g. language and location);
(Third party) tracking / advertising cookies: these cookies collect information about users, sources of traffic, page visits and advertising displayed to you and followed by you. They enable us to display advertising which may be of interest to you based on collected Personal information. These cookies are also used for statistical and research purposes.
We do not use zombie cookies or other mechanisms that may circumvent your privacy choices.
14.2. How long are those cookies stored on your device?
COMPASS only uses the information contained in the cookies for the above purposes, after which the data collected will remain stored on your device for a period that may depend on cookies type, but no longer than necessary to achieve their purpose and will be automatically removed from your system thereafter.
14.3. Who else has access to the information contained in the cookies?
Personal information collected through cookies placed on your device may be transmitted to and accessed by COMPASS or the third parties referred to in Section 7 hereof. The use of Personal information outside of the Sites for advertising purposes, if any, may be subject to separate policies available on the above third parties’ websites. COMPASS or those third parties might also provide you with a possibility to opt out of receiving targeted advertising, which shall be subject to laws and regulations applicable to such products, utilities and offerings.
COMPASS may also use web beacons (pixel tags) in order to access the cookies previously placed on your computer for the following purposes:
to track your actions across the platform and when using the Platform, by accessing and interacting with the cookies stored on your computer;
to collect statistical information related to operating the Platform, the Website or products, utilities, advertisements or other COMPASS offerings.
14.4. Cookie opt-out
All our cookies lifetimes do not exceed 2 years, unless it’s an opt-out cookie. You can "Opt out" from having cookies stored on your device when advertisement materials and/or inventory are shown from COMPASS. To "Opt-out" click this (https://www.compassaffiliates.com//).
14.5. Other tracking mechanisms we use for data collection across all platforms:
• Tags and Pixels
Tags and Pixels are code snippets that we and our clients may use to track your browsing on the Internet: from resources to any particular websites or applications to track your browsing behaviour. Sometimes web beacons are used for these purposes. They are usually transparent or invisible graphic images, no larger than 1x1 pixel, they are placed on a page or otherwise, Internet resource or sent within an e-mail to monitor the behaviour of the user visiting the resource or sending the e-mail. It is often used in combination with cookies. We create and use a unique synchronization system to check the quality of information that we have collected with information that our clients collected independently, and later help our clients or third parties that intend to provide you with targeted advertisements.
• Mobile Device Identifiers
Mobile Device Identifiers or Mobile Device IDs are unique identifiers which can be used to identify a mobile device. We may use standard device identifiers (UDID) that we may receive from 3rd parties, to track your use of mobile applications and to determine if a piece of advertisement inventory has been delivered to a specific user or retargeted, or to determine the frequency of certain inventory for a certain user. Ultimately, passing device’s ID back to advertisers helps us and our clients to improve the quality of advertising and its efficiency (targeting). COMPASS does not directly collect and store UDIDs or similar Mobile Device Identifier technologies.
• Software Development Kits
These are blocks of code or algorithm similar to Tags and Pixels that are embedded into a digital resource that allows us to track certain information related to the application use, gathered during the process of utilizing our technology
• Other technologies
Please be aware that we use other technologies to collect user information in order to assist users with the inventory delivery and to provide reporting to our clients or to evaluate the quality of advertisement.
15.1. Your choices and opting out
We recognize how important your online privacy is to you, so we offer the following options for controlling the targeted ads you receive and how we use your data:
You can opt-out of receiving targeted ads served by us or on our behalf by clicking on the by clicking on the opt-out button at the bottom of the COMPASS homepage. Please note that, if you delete your cookies or upgrade your browser after having opted out, you will need to opt out again. Further, if you use multiple browsers or devices you will need to execute this opt out on each browser or device. If you opt-out we may collect some data about your online activity for operational purposes (such as fraud prevention) but it won't be used by us for the purpose of targeting ads to you.
If it is provided by applicable law, you have a right of access to your Personal information as processed by COMPASS under this Policy.
If it is provided by applicable law, you also have the right to:
request erasure of your Personal information;
request the restriction of the processing of your Personal information;
object to the processing of your Personal information if it is provided by applicable law.
COMPASS will honour any such requests or objections as required under applicable law.
To the extent provided by applicable law, you may be subject to other rights not specifically mentioned herein.
15.2. How can you exercise your rights?
To exercise the above rights please contact COMPASS (see «Questions, suggestions and concerns» hereof). If you are not satisfied with how COMPASS processes your Personal information, please let us know and we will investigate your concern. If you are not satisfied with COMPASS’s response, you have the right to make a complaint to the competent data protection authority.
16. Data ownership/selling
We may disclose information about you:
With our service providers: Companies we contract with who help with parts of our business operations. We require that our service providers only use your information in connection with the services they perform for us.
With your service providers: Companies under contract with, or acting on your behalf, who handle data (such as a customer lists) on your behalf.
With our subsidiaries and related companies
In connection with legal proceedings: When we are under a legal obligation to do so, for example to comply with a binding order of a court, or where disclosure is necessary to exercise, establish or defend the legal rights of COMPASS, our Advertisers or any other third party.
In connection with a sale of our business: If a third party acquires some or all of our business or assets, we may disclose your information in connection with the sale.
17. Third parties
We do not sell, trade, or otherwise transfer to outside parties your information for their own promotional purposes unless we obtain your freely given informed consent. This does not include information that we share with our subsidiaries, affiliates, and third-party service providers working at our instruction, such as an email service provider, hosting provider or data center. We may disclose your information to third parties when we reasonably believe we are obligated to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to fraud and situations involving potential threats to the physical safety of any person.
Submitting your data directly through social media, as well as via comments, and forum sections on websites, remember that your personal ID information can be accessed (in case you haven’t restricted your social media privacy settings), and used by the third parties without your consent or pre-agreement.
COMPASS does not assist or knowingly permit any third party to set a cookie, or alter/delete a cookie set, on any Google owned and operated domains.
COMPASS also does not allow any cookie match between different third parties through ads served on Google Display Network or its owned and operated inventory.
18. Children’s Online Privacy Protection Act Compliance
We are following the requirements of COPPA (Children’s Online Privacy Protection Act), we do not knowingly collect any information from anyone under 13 years of age. Our website and the platform and services are all directed to people who are at least 15 years old or older. If the company is made aware that it has received personally identifiable information from someone under 13, it will use reasonable efforts to remove that information from its records.
19. Your consent
20. Updates to this Policy
COMPASS reserves the right to amend this Policy at any time and without notice, in particular as a result of changes in the legislation in force or in the services offered by COMPASS.
COMPASS undertakes not to introduce significant changes, imposing additional obligations or reducing your rights under this Policy without proper notice to you. You will be notified about such changes. If applicable, changes will be announced on the Site (e.g. via a pop-up or web banner) prior to such changes taking effect, and you may also be notified via other channels (e.g. by email) if you have provided us with your contact details.
We invite you to review this Policy on a regular basis on the website of COMPASS, in order to be informed of its possible amendments.
21. Questions, suggestions and concerns
We welcome your questions or suggestions concerning implementation of or amendments to this Policy. To contact us please send your email to email@example.com.
You can also use this email to exercise your rights or report any inaccuracies in your Personal information or protest its processing. Website: https://www.compassaffiliates.com/