We are Digiseg ApS, a private limited company with company registration number 3698737, located at Gl. Kongevej 3B, st. tv, 1610 Copenhagen, Denmark.
In the following you can read more about:
· How our services relates to GDPR;
· How we process your personal data, when you communicate with us or subscribe to our newsletter.
Digiseg Audience Data is built to comply with GDPR and other data privacy laws. We use neighborhood statistics that are free of personal data to segment the identifiers of our partners. The data that we do process is not personal data and not in the scope of GDPR or other data privacy laws.
- We do not place cookies on the analysis platform Digiseg Analytics – https://analytics.digiseg.io
- We do not store any data.
- Only aggregates and statistical results are saved.
If you have any questions about the way we process your personal data, please contact us at email@example.com.
Purpose of processing and legal basis
If you write to our support at firstname.lastname@example.org we will process the information you have send us such as e-mail address and your name. Processing is necessary for the purposes of our legitimate interests (GDPR, article 6(1)(f)) to support you with any questions or concerns you may have.
You can at any time unsubscribe from the newsletter service which you have subscribed either via the link at the bottom of the newsletter or by writing to us at email@example.com. Withdrawing your consent will only affect the future processing of your personal data and therefore not the lawfulness of any processing based on the consent prior to your withdrawal. When you withdraw your consent and cancel your subscription, you will no longer receive newsletters from us.
We have established and will maintain adequate organizational and technical measures in order for your personal data not to be accidentally or illegally deleted, deteriorated or lost, disclosed to unauthorized third parties or in any other way misused or used contrary to data protection legislation.
We will erase your personal data when we no longer need it for the required purposes or to comply with specific legislative requirements.
Your consent for signing up to our newsletter will be retained for as long as we send you newsletters and up to two years after the last e-mail send.
If you have communicated with us by e-mail, we will delete the information 60 days after, unless we are obliged to a longer retention period to comply with legal requirements.
You have the right to:
· Access the personal data about you, that we process and collect;
· Ask for rectification of incorrect or inaccurate data concerning you, or to have incomplete personal data completed;
· Raise an objection about how your personal data are processed;
· Ask for the restriction of the processing of your personal data;
· Ask that your personal data to be erased;
· Withdraw your consent, thereby having your personal data erased; and
· Ask for data portability of your personal data.
Questions or concerns:
You are free to email us directly at firstname.lastname@example.org with any questions or suggestions. We will do our best to reply to your questions and resolve your concerns.
If you have any complaints regarding our processing of your personal data, you may file a complaint to the competent data protection authority. You can find out more about the local data protection authorities under the following link:http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
7. February 2023
Following Data Processing Agreement is for the purposes of Article 28(3) of Regulation 2016/679 (“the GDPR”), and is applicable between Digiseg ApS, with company registration number 3698737, located at Gl. Kongevej 3B, st. tv, 1610 Copenhagen, Denmark as the data processor, and the Digiseg Customer (“Customer”), who buys/uses either the Digiseg Publishing Solution or Digiseg Analytics, as the data controller.
When buying/using the Digiseg Publishing Solution or Digiseg Analytics the data controller, together with the data processor, agrees on the following Data Processing Terms (“Terms”) in order to meet the requirements of the GDPR and to ensure the protection of the rights of the data subject.
We may update these Terms from time to time. The expired versions will be available here on our website.
- THE RIGHTS AND OBLIGATIONS OF THE DATA CONTROLLER
- The data controller is responsible for ensuring that the processing of personal data takes place in compliance with the GDPR (see Article 24 GDPR), the applicable EU or Member State data protection provisions and the Terms.
- The data controller has the right and obligation to make decisions about the purposes and means of the processing of personal data.
- The data controller shall be responsible, among other, for ensuring that the processing of personal data, which the data processor is instructed to perform, has a legal basis.
- THE DATA PROCESSOR ACTS ACCORDING TO INSTRUCTIONS
- The data processor shall process personal data only on documented instructions from the data controller, unless required to do so by Union or Member State law to which the processor is subject. Subsequent instructions can also be given by the data controller throughout the duration of the processing of personal data, but such instructions shall always be documented and kept in writing, including electronically, in connection with the Terms.
- The data processor shall immediately inform the data controller if instructions given by the data controller, in the opinion of the data processor, contravene the GDPR or the applicable EU or Member State data protection provisions.
- The data processor shall only grant access to the personal data being processed on behalf of the data controller to persons under the data processor’s authority who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and only on a need to know basis. The list of persons to whom access has been granted shall be kept under periodic review. On the basis of this review, such access to personal data can be withdrawn, if access is no longer necessary, and personal data shall consequently not be accessible anymore to those persons.
- The data processor shall at the request of the data controller demonstrate that the concerned persons under the data processor’s authority are subject to the abovementioned confidentiality.
- SECURITY OF PROCESSING
- Article 32 GDPR stipulates that, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the data controller and data processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
- USE OF SUB-PROCESSORS
- The data processer may use sub-processers for the processing of personal data on behalf of the data controller. The data processer may change the use of sub-processor by prior written notice to the data controller at least 30 days prior to the change. The data controller may object to the use of a sub-processor.
- The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
- Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Terms shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Terms and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Terms and the GDPR.
- TRANSFER OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
- Any transfer of personal data to third countries or international organisations by the data processor shall only occur on the basis of documented instructions from the data controller and shall always take place in compliance with Chapter V GDPR.
- ASSISTANCE TO THE DATA CONTROLLER AND NOTIFICATION OF PERSONAL DATA BREACH
- Taking into account the nature of the processing, the data processor shall assist the data controller by appropriate technical and organisational measures, insofar as this is possible, in the fulfilment of the data controller’s obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR.
- This entails that the data processor shall, insofar as this is possible, assist the data controller in the data controller’s compliance with:
(a) the right to be informed when collecting personal data from the data subject(b) the right to be informed when personal data have not been obtained from the data subject
(c) the right of access by the data subject
(d) the right to rectification
(e) the right to erasure (‘the right to be forgotten’)
(f) the right to restriction of processing
(g) notification obligation regarding rectification or erasure of personal data or restriction of processing
(h) the right to data portability
(i) the right to object
(j) the right not to be subject to a decision based solely on automated processing, including profiling
- In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, and latest 72 hours after the discovery, notify the data controller of the personal data breach.
- ERASURE AND RETURN OF DATA
- The data being processed is not stored with the data processor.
- On termination of these Terms, the data processor shall return all the personal data to the data controller.
- AUDIT AND INSPECTION
- The data processor shall make available to the data controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 and the Terms and allow for and contribute to audits, including inspections, conducted by the data controller or another auditor mandated by the data controller. The parties agree on the audit/inspection method in a separate agreement.
- COMMENCEMENT AND TERMINATION
- The Terms shall become effective automatically when the Customer buys/uses either the Digiseg Publishing Solution or Digiseg Analytics.
- The Terms apply for as long as the Customer uses the Digiseg Publishing Solution or Digiseg Analytics, and the Terms cannot be terminated under this duration unless other Terms governing the processing activities have been agreed between the parties.
PROCESSING ACITIVITIES IN CONNECTION TO THE DIGISEG PUBLISHING SOLUTION:
The nature of the processing activity:
Digiseg has developed an API solution for Customers. The API enables a simple IP address look-up of a visiting user to the Customer’s site in the platform, Digiseg Audiences.
The purpose of the processing activity:
Based on a real-time comparison of the provided user IP address and Digiseg’s Audiences, audiences are shot back to the Customer’s site and ingested into the Customer’s Prebid, Google Ad Manager or other adservers.
The processing includes the following types of personal data:
Processing includes the following categories of data subjects:
Online users visiting the Customer’s website(s)
Storage period/erasure procedures
The IP address is not stored but only used for a real-time look-up in Digiseg’s API and disappears from the server once the event is processed.
PROCESSING ACTIVITIES IN CONNECTION TO DIGISEG ANALYTICS:
The nature of the processing activity:
The processing is a real-time look-up of IP-addresses in Digiseg Analytics.
The purpose of the processing activity is:
Digiseg Analytics receives IP-addresses from the data subjects and uses it for aggregated campaign or website analysis.
The processing includes the following types of personal data about data subjects:
Processing includes the following categories of data subject:
Online users visiting website(s).
Storage period/erasure procedures
The data is not stored but only used for a real-time look-up in Digiseg Analytics and disappears from the server once the event is processed.
Google Cloud, DigitalOcean, Vultr