This document describes the processing of personal data that Neodata (Data Processor) performs for third parties (Data Controllers). The relationships between Neodata and the Data Controller (or “Customer” hereinafter) and the information contained in this document take into account the obligations and responsibilities of each of the parties involved as defined by the GDPR.
he processing performed by Neodata is based on the consent of the data subject acquired by the Data Controllers and allows the Customers to profile and analyse the behaviour of users (hereinafter "Users") who visit their websites, view their advertising campaigns or use mobile devices with their app as well as to provide recommendations on editorial content and manage the delivery of online advertising campaigns.
Neodata specialises in the analysis of Big Data and is a provider of functional modules that can be integrated with each other or with other external platforms. The functional modules offered by Neodata can be found on two platforms:
● exaudi (Data management platform) allows the collection and analysis of data relating to the characteristics and behaviour of users and enables its use for tactical or strategic purposes.
● ad.agio (Ad Server) allows the management and delivery of multi-platform digital content.
The integration of exaudi and ad.agio allows the management and delivery of targeted web content.
exaudi is a DMP (Data Management Platform), namely a software platform developed and offered on the market by Neodata Group which:
The platform mainly performs profiling activities, i.e. the processing of personal data used to assess aspects relating to a natural person such as personal preferences, interests, reliability, behaviour, location and movement. (ref GDPR Art.4: Definition of Profiling).
ad.agio is an adserver used for the management of online advertising campaigns that stores digital content and is capable of delivering it to a user by generating an impression. The data contained on the platforms mainly concerns web or mobile users (customers or potential customers of the Data Controller) who used a device to interact with content under the Data Controller’s control. In addition, the data may also come from external suppliers that authorise its use by the Data Controller for clearly defined purposes.
In order to provide its services, Neodata uses "cookies" (hereinafter "Cookies"), namely small text files that store certain information related to users’ navigation. Cookies are installed on the User's browser and can be read, modified or deleted by the User by changing the settings on their browser and do not contain viruses. In general, Cookies are divided into "technical" and "profiling" cookies. Neodata uses both technical Cookies and profiling Cookies. The use of one or both categories of Cookies depends on the service that Neodata provides to the Customer. The following table shows which types of cookies (i.e. "technical" or "profiling") are used by Neodata and its subsidiaries according to the specific service provided:
The fact that there is a link on the websites or other spaces of the Customer, or of the subjects to whom the former provides its services to connect the resources hosted by Neodata or that the Cookies installed refer to the Neodata domains does not imply that Neodata manages the processing operations implemented independently by the Customer through the use of its tools.
Said tracking tools (e.g. cookies, AAID (Android Adverting ID) e IDFA (Apple Identifier Advertiser) attribute a unique ID to the User through which their habits can be tracked, recognising them upon each visit and personalising the messages based on that. The unique ID is, indeed, associated to the User's browser or device and in no event the data collected is used by Neodata, either directly or indirectly, to determine their personal identity.
Neodata is capable of collecting information on users by monitoring the touch-points of the Data Controller of the first and/or second part, through scripts (entered using tags) performed in browsers, executed within browsers, or through pixels inserted in the email, or through a proprietary SDK that the Data Controller integrates into its mobile applications. Touch-points can be voluntary or induced and are of the following types:
● view a domain’s web page;
● view a DEM;
● view adv;
● use of a mobile app
● CTA response (call to action).
In the process of interaction between a user and web and app content, Neodata detects certain information, initially also stored in Technical Cookies and/or Profiling Cookies, such as: Device Id, Device info, Ip address, Action Type (View, Impression, Click, CTA), Content Type (Text, Picture, Video), position and other details provided by the user who accesses the various data sources. For mobile devices that contain applications installed by the Data Controller or by third parties chosen by the Data Controller, Neodata can get Users’ information about the type of device used, connection’s type, carrier’s name, the geographical position. Tracking can be activated only after the User has previously authorized the application to send the data.
In addition, there are other types of data that the Data Controller may request Neodata to integrate within its systems that include:
● user identification data,
● data relating to the user's characteristics,
● data relating to generic actions performed by the user (events).
Neodata is capable of performing automated processing, including profiling, that allows the extrapolation of information on users such as:
Neodata enables the Data Controller to build user groups, called clusters, implementing rules that consider the features and / or actions performed by users.
Neodata can collect personal data:
● non-PII data (Personally identifiable information) that does not allow direct identification of the data subject.
● PII data that allows the direct identification of the data subject if and only if it is expressly provided by the user.
Neodata can integrate personal data on its platform:
● non-PII data.
● PII data only if necessary for specific purposes defined by the Data Controller.
Through the processing of non-PII data & PII data, Neodata acquires information on users relating to:
1. personal preferences,
2. user characteristics,
5. location and movement.
For the sole purposes related to the provision of Services, Neodata may share the information collected, in aggregate form or not, with subsidiaries, affiliates or partners of the Customer and only in response to its express request.
The information processed by Neodata can be integrated with external platforms such as: DSP/SSP, DMP, DEM, Ad-Server and CRM which, among other things, allow the activation of information processed on users to deliver profiled contents (tactical purposes).
Furthermore, the information processed by Neodata can be used to generate statistics or perform analyses for use in reports or dashboards (strategic purposes).
The Customer is required to obtain prior consent from the User in relation to the use of said tools.
Neodata reserves the right to communicate the data collected to the competent authorities (including judicial authorities) in the cases imposed by law or upon request of the authority involved.
Neodata Group uses three possible cloud service providers (sub-processors): Microsoft Azure, Amazon AWS and Google Cloud Platform.
The suppliers provide cloud technology infrastructures that allow large-scale workloads to be run on virtual machines such as developing applications using integrated services, managing relational databases, managing non-relational databases, executing SQL-like queries in real time and adopting measures of adequate technical and organizational security for data protection.
The servers used by Neodata for storing and processing data could be located outside the EU (more specifically in the USA). The transfer of data is performed following the stipulation of Standard Contractual Clauses with the providers of servers and/or services entrusted to third parties, or prior verification of compliance with the system called "Privacy Shield".
Neodata, in using the technologies necessary for the processing of big data, undertakes to:
1. Minimise the number of personal data;
2. Process personal data in separate compartments;
3. Process personal data at the highest level of aggregation with the lowest possible degree of detail, compatibly with the purposes of the processing defined by the Data Controller;
4. Minimise the type of personal data at each stage of the process compatibly with the purposes.
5. Allow the interaction with data through the enabling of roles associated with the purposes characterised by different operations, formats and types of data.
When appointing the Controller-Processor, the Data Controller determines the period of execution of the processing and the consequent determination of the data retention period.
All data is extracted, processed and stored exclusively for purposes related to the provision of Neodata Services through their systems and is destroyed when no longer necessary for said purposes. The data is kept for a period of time not exceeding the achievement of the purposes for which it was processed.
Neodata pays particular attention to data security and has established a dedicated internal team that works continuously to protect the data and information belonging to the data subjects of the processing by continuously implementing state of the art technical and organisational security measures to ensure an appropriate level of security. Nevertheless, the current level of the technique does not allow total control over the methods of data transmission over the Internet or its storage.
The data subject can communicate with the Data Protection Officer (DPO) of Neodata by sending an email to firstname.lastname@example.org.
In order to exercise their rights, such as: request for access, request for rectification, deletion, limitation and portability, a data subject can send an email to email@example.com.
The data subject has the right to oppose processing performed by Neodata by visiting the link below. This impediment is termed an Opt-out, through which Users prevent Neodata from inserting Cookies in their browsers on behalf of the Customer. Users who have activated the Opt-out can decide to restore the Cookies at any time by clicking on the Opt-in button available at the following link.
Users can also request Opt-in by selecting Neodata on the YourOnLineChoice web site at the following link.
Furthermore, users can take position against the tracking of mobile data by configuring their devices according to what is indicated in the paragraph "13 Management of preferences for Adv Digital Identifiers".
The User can manage the preferences relating to Cookies directly in their browser and prevent, among others, Neodata from installing any. Using browser preferences, it is also possible to delete Cookies previously installed.
Please note, however, that the deactivation of Cookies may interfere with the proper functioning of certain websites (e.g. access to areas protected by username and password).
It is possible for the user to limit the disclosure of some personal data by his mobile device by changing the related settings.
For iOS mobile devices, go to "Settings" from the device's home screen, scroll down to "Privacy", select "Advertising" and activate "Limit ad tracking".
For Android mobile devices, go to "Google Settings", select "Announcements" and then the "Opt Out of Interest Based Ads" checkbox.
Last update: 3 July 2019
Thanks to subscribe to our newsletter