Services Privacy Policy

Overview

Paapi Limited (“Paapi”, “Company”, “us, “we”, “our”) Ad Buying and Ad Measurement (collectively, “Platform”) help advertisers (“client”) and their advertising agencies (“agency”) to:

  • Manage relevant ad buys across websites, apps, audio, smart TVs and other digital properties
  • Measure the effectiveness of their ad spend
  • Optimise the buying of ads across Search, Social and Display

Our Platform utilises the latest Privacy Enhancing Technology (“PET”) developed by Google, Meta, Apple and other digital advertising platforms to securely protect and preserve the privacy of all citizens while helping our clients to legitimately use customer data to display relevant ads and to measure and report on their effectiveness. Our Platform uses customer data collected from the clients’ own websites, internal systems and campaign data from digital advertising and marketing platforms to optimise bidding and buying of relevant ads on third party websites, apps, audio, smart TV and other digital properties. Our references to our Platform in this policy only refer to Pappi’s own advertising technology platform and do not include the technology or systems of clients or partners that use or integrate with us. Clients and partners are bound by our policies when they use our Platform. Below, we explain in detail the type of data we collect, how we collect it, how we use it, and how we disclose it, as well as the choices available to you. If after reading this policy you still have questions, please feel free to contact us.

The data the platform collects and processes

The Platform collects and processes the following data:

  • Unique cookie identifiers (see more detail under the section on Cookies below and our Cookie Notice)
  • Mobile device advertising identifiers
  • Pseudonymous identifiers derived from email address or phone numbers, or device and connection information
  • IP addresses
  • Interest information we infer from browsing and engaging with the clients’ websites, apps and other digital properties
  • Other information about browsers and devices, such as type, version and settings
  • Location information based on IP address or other types of information that may include precise geolocation information (i.e., latitude/longitude coordinates), if provided to us
  • Information about ads that are shown, such as which ads are shown to a device or user, where (which web page or app) they are shown, the cost paid for clicking or viewing, and at what time
  • Hashed email addresses and other identifying information (or information derived from such)
  • Conversion data such as purchases, registrations and subscriptions, collected from the clients’ websites, apps, other digital properties and internal systems
How the platform collects data

The Platform receives data in several ways, including the following:

  • From our clients’ websites, apps and other digital properties.
  • From advertising and marketing platforms that our clients’ use to execute campaigns.
  • Direct from sellers or the sellers’ supply side partner of advertising inventory. For example, bid requests, which are sets of information that describe an ad space that is available to be filled. We get these requests from the “supply” side of the advertising ecosystem, meaning websites, apps, smart TVs, and others, as well as their agents. The requests contain information about the ad space, the device, and sometimes the user, including location information. They also usually have an ID (or IDs) that enables us to match the request with information we may already have.
  • From third-party suppliers of information used to target, optimise or measure advertising campaigns.
  • From purveyors of connected TV devices and apps can send us information about the video content viewed on the device or app.
  • From pixels and cookies, which allow us to recognise web browsers across sites and over time, and therefore to record information about them over time.
  • From mobile device advertising IDs, which are made available through the device operating systems, like Apple’s iOS and Google’s Android, for purposes of allowing mobile apps and their advertising partners to recognise a device over time. We use these IDs in a similar way to the way we use cookies.
  • From mobile SDKs are bits of code that some of our partners enable to be placed in mobile apps. This enables our partners to send us data about the mobile app and device in association with the mobile device ID.
Cookies

“Cookies” are data files that are stored on your browser or device and are used to remember user preferences and behaviours over time. Cookies allow us to recognise your device and remember information, such as your preferred language and other general settings. Cookies set by the client website are called “client first party cookies”. Cookies set by parties other than the client website are called “client third party cookies”. We use both client first party and can also use client third-party cookies where appropriate. We use client first party cookies to allow us to distinguish between, recognise, and store data about unique web browsers and devices that pertains specifically to each client.
For more information about specific cookies that our platform creates, please see our Cookie Notice.

The purposes for which the platform processes data

The Platform processes data both on our own behalf and on behalf of clients and their partners for purposes related to targeting, delivering, measuring and reporting on advertising. The purposes are as follows:

  • Ads delivery: We use data to enable the technical delivery of an ads and measure success of delivery.
  • Frequency and other reporting: We use a pseudonymous identifier to keep track of how many times an ad was shown, as well as where and when.
  • Clicks, views and conversions: We may use a pseudonymous identifier to measure actions taken by a user with respect to a particular ad, i.e., a click on an ads, or a download of an app.
  • Measurement and analytics: We use an identifier to measure how well advertising perform, such as whether users clicked on the ads or went to a clients’ store after their ads was shown.
  • Attribution: We may use data to match particular ad views to subsequent actions taken by a user. For example, a clothing advertiser might be able to see that someone who saw an ad for gloves subsequently purchased the gloves. This would be done by stitching together the identifiers from the sites where the ad was served and where the online purchase was made.
  • Reporting: We may use a pseudonymous identifier to measure, attribute, and report on the performance and success of campaigns. This includes transaction reporting and verification.
  • Personalising ads: We use data to increase advertising relevancy and effectiveness.
  • Cross device graphing: We may use data and algorithms to associate pseudonymous identifiers that might be related to each other. Such a graph might link various identifiers present on a single device, various identifiers associated with an individual who has multiple devices or multiple device/individuals within the same household.
  • Detection of malicious or invalid activity: We process information in an attempt to prevent malicious activity or invalid ad traffic. This may include identifying and preventing purveyors of malware or bots that try to take advertising dollars for ads that aren’t shown to real users or that try to harm users’ devices.
Disclosure and transfer

We do not sell, rent, trade, or otherwise share personal information that we collect from, please refer to the above section on How the platform collects data, except as described below:

  • Service Providers. We may disclose your information to companies that provide data processing services to help us with our business activities, such as sending email communications on our behalf. These companies are authorised to use your information only as necessary to provide these services to us.
  • Advertising and Marketing Systems. We may share personal information to these platforms for the purposes of executing campaigns.
  • Consent. We may share personal information in accordance with any consent you provide. For example, if you provide us content for insider video chat footage, you consent to our posting and distribution of such content through the Site.
  • Required by Law. We may disclose personal information or any information collected through the Site if we are required to do so by law or pursuant to legal process, in response to a request from government officials or law enforcement authorities, or as necessary or appropriate in connection with an investigation of illegal activity.
International transfers

We operate from servers located in the European Union (“EU”). Any transfer of data outside of the EU will be subject to the applicable laws of the EU and the destination country.

Security and data retention

We retain data that the Platform collects for a duration as agreed and defined by the client. After this duration data will be automatically and permanently deleted. Data that is sent from our Platform to devices such as browsers, apps as well as data shared from our Platform to Advertising and Marketing Systems are subject to the policies of those devices, apps, Advertising and Marketing Systems. This retention policy does not apply to partner data.

We have implemented security measures, including physical, electronic and administrative safeguards, designed to prevent the unauthorised access to, loss, misuse, or alteration of the information that our Platform collects, but we make no assurances in this policy about our ability to prevent any such event or the possible harm to you or any third party that could arise from it.

Your rights and choices

Privacy rights. Depending upon where you live, you may have certain legal rights with respect to data that we collect and process. These rights may include the right to request access, deletion, and correction of personal data, and the right to opt out of activities that constitute “sales,” “sharing,” and processing personal data for purposes of “targeted advertising,” as well as use of “sensitive data” for advertising purposes, as such terms are defined under certain state privacy laws. These rights may be limited, for example if fulfilling your request would reveal personal data about another person or infringe the rights of a third party (including our rights) or if you ask us to delete information that we are required by law to keep or have compelling legitimate interest in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make. We will not discriminate against you if you exercise your rights under applicable law.

Opting out of sales, sharing and targeted advertising. As described in the Targeted Advertising section above, we process data to personalise and deliver ads, and for other ads-related purposes, including measurement reporting, and building our cross-device graph. Some of these activities may be considered “sales” or “sharing” of your personal information or using your information for purposes of “targeted advertising” under the law that applies to you. You may express a choice related to these activities including use of sensitive data for such purposes, by visiting http://www.adsrvr.org or by enabling Global Privacy Control in your browser. Your devices like CTVs and Mobile Devices may offer choice signalling from the device’s operating system. Where we receive these signals, we will opt the user out of sales, sharing and targeted advertising.

Industry opt-out pages. The online advertising industry provides websites from which you may set a third party cookie indicating your desire to opt out of interest-based advertising from Paapi and other companies that participate in industry self-regulatory programs. The US-based opt out pages are www.aboutads.info/choices and www.networkadvertising.org/choices . The European based page is www.youronlinechoices.com. In Canada, use youradchoices.ca/choices. For mobile apps. Most mobile devices provide the ability to set the device’s advertising ID to an opt out value through the device settings. To learn how to use the mobile app opt out, consult your device instructions. To find information on opting out on Mobile Devices please visit http://www.networkadvertising.org/mobile-choice . Where we receive such an indication, we will treat the request as opted out.

For Internet Connected TVs. Many connected TVs and related devices offer a choice mechanism similar to those offered by mobile devices. When received we will honour these signals. To find out more, including device specific instructions, please visit https://www.networkadvertising.org/internet-connected-tv-choices/ .

Access, Correction, and Deletion. To exercise your rights to access, correct, or delete your data, please fill out this webform or send an email to dpo@paapi.ai . We may take reasonable steps to confirm your identity.

If we deny your request, you may appeal our decision by contacting us dpo@paapi.ai . Depending upon where you live, if you have concerns about the results of an appeal, you may contact your local regulator. You will not be discriminated against for the exercise of such rights.

European Union controller/processor designation and legal basis

If you are based in the European Economic Area (EEA), the United Kingdom or Switzerland, Paapi Limited. is responsible for processing your personal data. Under the definitions of “Controller” and “Processor” in EU law, Paapi acts as the Processor. When we collect personal data for personalisation from requests for ads that we receive as described above, under EU law, we will use consent as our legal basis for doing so. When we target group of identifiers, we use consent or legitimate interest as our legal basis. We process personal data for other purposes when we have a legitimate interest in doing so and that interest is not outweighed by the rights or freedoms of individual data subjects.

Changes to our policy

We may revise this policy at any time, and we will indicate revisions by updating the date at the bottom of this policy and providing notice through our websites or services.

Contact us

You may contact us regarding privacy by:

Submitting your request with this: Web Form

Writing to this address: Data Protection Officer (DPO) PAAPI Limited, 2 Gabriel Drive, Camberley, Surrey, GU15 1DZ United Kingdom

Email to: dpo@paapi.ai

If you have a concern regarding our privacy practices, please contact us via the contact details supplied above. If after reasonable efforts, you believe your concern has not been satisfactorily addressed by us then we recommend you contact the UK Information Commissioner’s Office (ICO).

Last Updated - 14 August 2024