Real Time Bidding and Adserving

Essence of the joint controllership arrangement between Equativ and Company

Explanatory note for Equativ Clients:
The following contains key information to be included in Client’s privacy policy in order to make available to end-users the essence of the arrangement between Equativ and Company regarding the processing of End-User’s data. Such text is also available on Equativ’s end-user privacy policy.

Basic information notice to be provided to end users

In the context of the use of your data to provide personalize online advertising, certain processing operations are carried out under the joint controllership (as defined in the General Data Protection Regulation (“GDPR”) of Equativ and [Name of Company].

The purposes of processing operations under this joint controllership are to provide personalized advertising, in particular: Store and/or access information on a device; Use limited data to select advertising; Create profiles for personalized advertising; Use profiles to select personalized advertising; Deliver and present advertising; Measure advertising performance; Where and if applicable we may rely on the following features within these purposes: match and combine data from other data sources, link different devices and use of precise geolocation.

The legal basis for these processing operations is consent.

The types of data processed under this joint controllership are the following: Browser and device data (e.g. type of device, screen size, user agent); Navigation data (e.g. IP address, timestamp, location data, longitude, latitude, connection type, site/app and page names, etc.); Advertising data (e.g. Advertiser and buyer names, characteristics of the placement, type and details of the ad, etc.); Segment name or ID; Keywords; Identifiers (including alternative IDs); Privacy signals.

The categories of recipients of the data are mentioned in the privacy policies of Equativ (https://equativ.com/privacy-policy/ ) and of [Name of Company]  ([link to Company’s privacy policy to be provided]) 

Unless otherwise required by applicable laws, Equativ and [Name of Company] will store your Personal Data for no longer than thirteen months.

Basic information on respective roles and responsibilities to be provided to end-user in Company’s privacy policy.

Pursuant to data protection regulations, Equativ and [Name of Company] have determined their respective responsibilities for compliance with the obligations under the data protection regulations by means of an arrangement between them which you can find summarized below.

Equativ and Company

Equativ and [Name of Company] agreed on the legal basis of the processing. Equativ is responsible for the adequate declaration of the purposes, features, legal basis, types of data and duration storage of the data processing under joint controllership in the TCF of IAB Europe. [Name of Company] undertakes to comply with the TCF, and in particular to collect the consents or objections and other choices of data subjects regarding cookies and data processing.

Company alone

[Name of Company] is responsible for the provision of information to end users, before any data processing, in accordance with data protection laws and privacy standards (such as IAB Europe standards, hereinafter “Privacy Standards”) on the data processing made under the joint controllership of [Name of Company] and Equativ.

Each of Company or Equativ

Each joint controller shall comply with its obligations under applicable data protection laws and Privacy Standards, including compliance with data protection principles such as purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; accountability; data protection by design and by default.

Each joint controller is responsible for the provision of the essence of the arrangement of the joint controllership in its own privacy policy.

Each joint controller ensures itself the confidentiality and security of the personal data it processes in the context of joint processing operations regarding the means, persons and legal bodies (including data processors) it controls in such context.

Each joint controller is responsible for the choice the data processors it works with for the processing of data under joint controllership and their compliance with data protection laws and standards.

Each joint controller is responsible of the compliance with data protection laws of any transfer of data outside the European Economic Area (EEA). Data transfers outside the EEA are governed by the provisions relating to such transfers in the joint controllers’ respective privacy policy  ([Company name and link to itsprivacy policy to be provided]) / Equativ: privacy policy ).

You have the same rights as those described in the joint controllers’ respective privacy policy  ([Company name and link to its privacy policy to be provided])  / Equativ: privacy policy). The main point of contact for any data protection request is Equativ’s Data Protection Officer: dpo@equativ.com, but you can address your request to exercise these rights either to [Name of Company] or Equativ. The joint controller receiving your request shall respond to it itself, within the timeframes and according to the applicable legal requirements. However, if it is necessary to process your request or if the answer to the request implies the assistance of the other joint controller, Equativ and [Name of Company] may cooperate on your request and its answer.

Equativ alone or leading

Notification and communication regarding data breaches are carried out jointly by the two joint controllers according to a procedure set contractually between them in which Equativ is designated as the leading party on such data breaches notification and communication, as such breaches should necessarily impact Equativ’s platform.

Equativ has conducted a data protection impact assessment for the processing under joint controllership between Equativ and [Name of Company]. Each joint controller establishes and maintains itself any other documentation necessary to demonstrate compliance with the personal data protection laws of the joint processing operations, in particular the recording of the joint processing operations in its own register of processing activities. If necessary, the joint controllers cooperate in good faith with each other and provide relevant information required to fulfil their accountability obligations or to address any data protection authority’s request on processing activities under their joint controllership.