This document describes the processing of personal data that Neodata (Data Processor) performs for third parties (Data Controllers). The relationships between Neodata and the Data Controller and the information contained in this document take into account the obligations and responsibilities of each of the parties involved as defined by the GDPR.
The processing performed by Neodata is based on the consent of the data subject acquired by the Data Controller and allows the Customer to profile and analyse the behaviour of users who visit their sites or view their campaigns (hereinafter "Users") and to provide recommendations on editorial content and manage the delivery of online advertising campaigns.
Neodata specialises in the analysis of Big Data and is a provider of functional modules that can be integrated with each other or with other external platforms. The functional modules offered by Neodata can be found on two platforms:
exaudi (Data management platform) allows the collection and analysis of data relating to the characteristics and behaviour of users and enables its use for tactical or strategic purposes.
Ad.agio (Ad Server) allows the management and delivery of multi-platform digital content.
The integration of exaudi and Ad.agio allows the management and delivery of targeted web content.
exaudi is a DMP (Data Management Platform), i.e. software developed and offered on the market by Neodata Group which:
allows the aggregation in one place of the data managed by a Data Controller, coming from online and offline sources, relating to the characteristics and behaviour of people,
enables the Data Controller to use it for tactical or strategic purposes.
The platform mainly performs profiling activities, i.e. the processing of personal data used to assess aspects relating to a natural person such as personal preferences, interests, reliability, behaviour, location and movement. (ref GDPR Art.4: Definition of Profiling).
Ad.agio is an adserver used for the management of online advertising campaigns that stores digital content and is capable of delivering it to a user by generating an impression. The data contained on the platforms mainly concerns web users (customers or potential customers of the Data Controller) who used a device to interact with content under the Data Controller’s control. In addition, the data may come from external suppliers that authorise its use by the Data Controller for clearly defined purposes.
In order to provide its services, Neodata uses "cookies" (hereinafter "Cookies"), i.e. small text files that store certain information related to browsing. Cookies are installed on the User's browser, can be read, modified or deleted by the User by changing the settings on their browser and do not contain viruses. In general, Cookies are divided into "technical" and "profiling" cookies. Neodata uses both technical cookies and profiling cookies. The use of one or both categories of cookies depends on the service that Neodata provides to the Customer. The following table shows which types of cookies (i.e. "technical" or "profiling") are used by Neodata and its subsidiaries according to the specific service provided:
The fact that there is a link on the sites or other spaces of the Customer, or of the subjects to whom the former provides its services, to the resources hosted by Neodata or that the Cookies installed refer to the Neodata domains does not imply that Neodata manages the processing operations implemented independently by the Customer through the use of its tools.
Said tracking tools (cookies) attribute a unique ID to the User through which their habits can be tracked, recognising them upon each visit and personalising the messages based on that. The unique ID is, in fact, connected to the User's browser and in no event is the data collected used by Neodata, either directly or indirectly, to determine their personal identity.
Neodata is capable of collecting information on users by monitoring the web touch-points of the Data Controller of the first and/or second part, through scripts (entered using tags) performed in browsers, apps or e-mail systems. Touch-points can be voluntary or induced and are of the following types:
view a domain’s web page,
view a DEM,
CTA response (call to action).
In the process of interaction between a user and Web Content, Neodata detects certain information, initially also stored in Technical Cookies and/or Profiling Cookies, such as: Device Id, Device info, Ip address, Action Type (View, Impression, Click, CTA), Content Type (Text, Picture, Video), position and other details provided by the user who accesses the various data sources.
In addition, there are various types of data that can be integrated into Neodata systems that include:
user identification data,
data relating to the user's characteristics,
data relating to generic actions performed by the user (events).
Neodata is capable of performing automated processing, including profiling, that allows the extrapolation of information on users such as:
geographical location: obtained from the IP addresses to which the Internet connections made by users are associated;
user interests: obtained based on preferences for the use of the contents expressed implicitly by users through browsing; the contents are associated with the IAB interest categories and/or defined by the Data Controller;
classification of visited contents: obtained by analysing the free text on the HTML pages visited by the user and associating the categories of taxonomy of the IAB and/or defined by the Data Controller that are most represented by it;
gender and age: obtained by analysing the interests associated with each user and deriving the gender and presumed age of the user through specific classification models.
Neodata enables the Data Controller to perform processes that allow the generation of new information on users by defining rules concerning the characteristics of users and/or their actions to establish the composition of segments called Clusters.
Neodata can collect personal data:
non-PII data (Personally identifiable information) that does not allow direct identification of the data subject.
PII data that allows the direct identification of the data subject if and only if it is expressly provided by the user.
Neodata can integrate personal data on its platform:
PII data only if necessary for specific purposes defined by the Data Controller.
Through the processing of non-PII & PII data, Neodata acquires information on users relating to:
location and movement.
For the sole purposes related to the provision of Services, Neodata may share the information collected, in aggregate form or not, with subsidiaries, affiliates or partners of the Customer and only in response to its express request. The Customer is required to obtain prior consent from the User in relation to the use of said tools. The information processed by Neodata can be integrated with external platforms such as: DSP/SSP, DMP, DEM, Ad-Server and CRM which, among other things, allow the activation of information processed on users to deliver profiled contents (tactical purposes). Furthermore, the information processed by Neodata can be used to generate statistics or perform analyses for use in reports or dashboards (strategic purposes). Neodata reserves the right to communicate the data collected to the competent authorities (including judicial authorities) in the cases imposed by law or upon request of the authority involved.
Neodata Group uses three possible cloud service providers (sub-processors): Amazon AWS, Google Cloud Platform and Microsoft Azure. The suppliers provide technological infrastructure to: perform large-scale workloads on virtual machines, develop applications using integrated services, manage MySQL relational databases, manage non-relational databases, execute SQL-like queries in real time and adopt technical and organisational security measures.
The servers used by Neodata for storing and processing data could be located outside the EU (more specifically in the USA). The transfer of data is performed following the stipulation of Standard Contractual Clauses with the providers of servers and/or services entrusted to third parties, or verification of compliance with the system called "Privacy Shield".
When processing data, Neodata undertakes to:
Minimise the number of personal data consistent with big data technologies.
Process personal data in separate compartments consistent with big data technologies.
Process personal data at the highest level of aggregation with the lowest degree of detail consistent with big data technologies and with the purposes.
Minimise the type of personal data at each stage of the process consistent with the purposes.
Allow interaction with data through the enabling of roles associated with the purposes characterised by different operations, formats and types of data.
When appointing the Controller-Processor, the Data Controller determines the period of execution of the processing and the consequent determination of the data retention period.
All data is extracted, processed and stored exclusively for purposes related to the provision of Neodata Services through their systems and is destroyed when no longer necessary for said purposes. The data is kept for a period of time not exceeding the achievement of the purposes for which it was processed.
Neodata pays particular attention to data security and has consequently established an internal team that works continuously to protect the data and information belonging to the data subjects of the processing by continuously implementing state of the art technical and organisational security measures to ensure an appropriate level of security. Nevertheless, the current level of the technique does not allow total control over the methods of data transmission over the Internet or its storage.
The data subject can communicate with the Data Protection Officer (DPO) by sending an email to firstname.lastname@example.org.
In order to exercise their rights, such as: request for access, request for rectification, deletion, limitation and portability, a data subject can send an email to email@example.com.
The data subject has the right to oppose processing performed by Neodata by visiting this link. This impediment is termed an Opt-out, through which Users prevent Neodata from inserting Cookies in their browsers on behalf of the Customer. Users who have activated the Opt-out can decide to restore the Cookies at any time by clicking on the Opt-in button. Users can request the opt-in by visiting this link.
The User can manage the preferences relating to Cookies directly in their browser and prevent, among others, Neodata from installing any. Using browser preferences it is also possible to delete cookies installed in the past. The User can find information on how to manage cookies in the browser at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Windows Explorer, Microsoft Edge. Please note, however, that the deactivation of Cookies may interfere with the proper functioning of certain sites (e.g. access to areas protected by username and password).
Last update: 3 July 2019
È possibile per l’utente limitare la divulgazione di alcuni dati personali da parte del proprio dispositivo mobile modificando le relative impostazioni. mobile.
Per i dispositivi mobili iOS, andare in "Impostazioni" dalla schermata iniziale del dispositivo, scorrere verso il basso fino a "Privacy", selezionare "Pubblicità" e attivare "Limita il monitoraggio degli annunci".
Per i dispositivi mobili Android, andare su "Impostazioni Google", seleziona "Annunci" e, successivamente, la casella "Opt Out of Interest Based Ads".
Thanks to subscribe to our newsletter