Last update 14 October 2021
“Personal information” is information that identifies an individual or relates to an identifiable individual and includes ‘personal data’ as that term is used in the European Union’s General Data Protection Regulation.
This Policy applies only to information that we process on behalf of our customers (where we act as a ‘data processor’ or ‘service provider’) in connection with our Services. This Policy does not cover any information we collect or process from our own corporate website, which are covered by our site privacy notices available here.
If you have any questions or concerns regarding this Policy, you may write to us at email@example.com or by mail to: Data Protection Officer, Evorra Ltd., Tc Group Level 1 Devonshire House, One Mayfair Place, London, W1J8AJ, UK.
About Evorra’s Products
Evorra is a technology company building products to help companies, marketers, advertising agencies and publishers manage personal data securely and deliver relevant advertisements to people based on their interests, activities and behaviors.
Evorra Products and Services consist of the following:
- Evorra’s clients can use data (called, “First Party Data”) available on the platform to reach the right online audiences for their products and services. We license data coming from data providers connected to the platform (mostly website and app owners).
- Evorra’s clients use this data to create segments associated with certain interests, behaviors, and attributes (for example, an interest in travel or an interest in sports). These data segments are associated with identifiers and shared with media activation channels, so that clients can send relevant advertisements to consumers on their computers, phones, and other mobile devices.
- Evorra’s clients and providers can transfer and organize marketing data related to their customers from their own sources – including client websites, mobile applications, CRM systems, and data partners. We provide the tools that facilitate our clients’ collection of this marketing data.
- Evora’s clients can match and enrich their data with First Party Data available on the platform so as to generate marketing insights on a given user population. We provide the tools that help clients generate these insights.
Evorra acts as a ‘data processor’ or ‘service provider’ in processing data on behalf of and at the direction of those clients and providers.
What Information We Collect and How We Collect it
Evorra collects and receives information on behalf of its clients and providers, First Party Data, for use in its Services. Evorra collects First Party Data via many methods, including cookies, pixel tags, secure file transfers, and server to server connections. Evorra pixel tags generally appear as “third party tags”. These methods allow Evorra to collect information from websites that Evorra does not own or operate.
The following information is collected and used by Evorra to provide its Services:
Demographic Information like Age band and Gender
Online Behavioral Information which may be used to determine your interest and intents:
- Websites and content viewed
- Mobile applications used
- Date and time of visits
- Frequency of visits
- Search terms used on a website
- Purchase and shopping events for retail websites
- Browsing events for content websites
Technical Identifiers which may be used to identity your device:
- Mobile advertising identifiers (Apple IDFA and Google AAID)
- IP address
- Non-personal data inferred from an IP address, such as non-precise geo-location data
- Any additional ID that are making sense for our clients and sub-processors we are integrated with
Personal Information that has been de-identified or pseudonymised
Evorra may use personal information that has been de-identified, typically by using a mathematical process (commonly known as a hash function) to convert information into a code. We use that de-identified data to provide our Services (including to connect your activity and interests).
How We Use Your Information
Evorra analyzes the information it collects and receives, extracts user profiles and attributes such as age, gender, geography, interests, online shopping and browsing events. Our clients and partners then can use the Evorra-created user profiles to create custom user groups and audiences to support targeted advertisement to these users on their computers, phones, and other mobile devices. Clients can join de-identified data coming from other websites or mobile apps with their own First Party Data when using Evorra’s Audience Builder or Audience Match and Insights.
Evorra uses the information it collects and receives to:
- Determine the overlap in different First Party data sets
- Offer a global view on user interests
- Create statistical models based on selected criteria
Evorra’s clients generally use First Party Data, along with other First Party Data provided by other Evora’s clients, to:
- Deliver targeted advertising campaigns to users across devices
- Serve targeted content to users across devices
- Create data-driven marketing products, including models
Using the Transparency Consent Framework terminology we will need your consent for the following purposes and features, Stacks are grouping consistent purposes (we cannot deliver our services if we collect only one of them):
|Purpose 1. Store and/or access information on a device||When our Pixel tracker is deployed, we install a cookie on your device(s) to recognize you as you come back to a given Web site.|
|Stack 8. Personalised ads and ad measurement||This stack groups p2. Select basic ads, p3. Create a personalised ads profile, p4. Select personalised ads, p7. Measure ad performance.
We build and enrich a profile representing your interests. This profile is used to create specific user groups or audience segments.
We pass on specific user groups or segments to Demand Side Platforms so they can select and display personalised ads to you.
We collect figures so as to measure the quality of these audiences and improve their quality over time.
|p9. Apply market research to generate audience insights||We offer some marketing insights on the audiences built on the platform.|
|p10. Develop and improve products||We use de-identified data for internal tests and to evolve our products.|
|f1. Match and combine offline data sources||Evorra offers the possibility to combine online data and offline data coming from our providers (for instance CRM data) or coming from 3rd parties for enrichment purposes (for instance weather information associated with a given location).|
|f2. Link different devices||Your profile will capture your interest across all your devices.|
|f3. Receive and use automatically-sent device characteristics for identification||Your device might be distinguished from other devices based on information it automatically sends, such as IP address or browser type.|
How We Share Your Information
In addition to sharing certain data as directed by clients, we may share information that is non-personal or pseudonymized with other clients and third party companies such as advertisers, agencies, ad networks or exchanges, to provide services to our clients and to enable our clients and those third parties to analyze user behaviors or to customize the ads that you see online. In addition, we may provide access to information we collect to other service providers, but to the extent we have any personal information we only share personal information with service providers who will only utilize the information to provide their services to us or for our clients.
We maintain the list of partners with whom we share your information in a separate document, available online. This document will be updated independently of this Policy, the date at the top of the document indicates the last revision.
If our company is sold, assigned, transferred, merged, files for bankruptcy protection, sells all or a portion of its assets, or undergoes some other change to its corporate form, information may be transferred as part of that transaction or change, including in connection with a due diligence process. We may also release information in order to comply with requests from law enforcement, government agencies, and similar entities, or to otherwise protect Evorra, our clients and users.
How we handle Political Data, Sensitive Data, and Information related to Children
Evorra does not collect information or share audiences classified by the General Data Protection Regulation as Sensitive Personal Data.
Evorra does not generate audience segments that are targeted to children under the age of 16.
Consumer Choice and the Ability to Opt-Out
Evorra provides you with the ability to opt-out of the collection and use of your information for interest-based advertising for all of Evorra’s Services. This means that Evorra, and any clients that utilize data collected by Evorra using a Evorra pixel tag or similar technologies, will not be able to use your data, past or future, for online interest-based advertising purposes.
Evorra is following the Transparency Consent Framework v2.0 policies and has applied to be part of the TCF Global Vendor List. When approved, Evorra, its purposes and features will appear in the standard consent form that a Consent Management Platform will present to you while you visit a particular Web Site. Any change in this consent will be forwarded to Evorra and we will make sure your data, past and future, is no longer processed if you opt-out.
You can also opt-out of the collection of data across unaffiliated sites over time for Interest-Based Advertising and other purposes from companies participating in the Digital Advertising Alliance Consumer Choice Page at www.aboutads.info/choices and from members of the Network Advertising Initiative via www.networkadvertising.org/choices.
In Europe, you can opt-out via the IAB Europe’s industry opt-out at www.youronlinechoices.eu.
European Economic Area (legal basis for processing personal data, Privacy Shield, and Subject Access Requests)
Evorra has certain responsibilities as both a data controller and a data processor under the European Union’s General Data Protection Regulation (“GDPR”). We will operate according to the principles of “privacy by design”.
We have appointed a Data Protection Officer
We are committed to conduct as we grow:
- Privacy Impact Assessments
- Internal and external trainings on GDPR
- Ensure compliance with the EU-US Privacy Shield Principles
- Implement Standard Contractual Clauses for transfers of online advertising and measurement of personal data out of the European Economic Area, Switzerland, and the UK.
- Join the IAB Global Vendor List for the GDPR Consent Framework
- Develop appropriate policies around security, data access, and breach procedures, which collectively implement an ISO 27001-certified Information Security Management System
Evorra is a U.K. company, the processing happens in the Cloud on data centers based in Europe, however we transfer information to sub-processors based in the United States. We will use exclusively sub-processors compliant with the EU-US Privacy Shield principles.
EEA residents have the right to request certain information from Evorra, including without limitation, the right to ask what personal data Evorra has collected on you from the EEA, and the right to ask that Evorra correct this personal data if you believe it to be inaccurate.
Evorra may be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Security, Confidentiality and Retention
Evorra has implemented (and requires its sub-processors or sub-contractors to maintain) appropriate physical, administrative, and technical measures that are designed to help protect the data that Evorra collects or receives in connection with its Services from unauthorized access, disclosure, or modification. However, no security procedures or protocols can be guaranteed to be completely secure and we therefore cannot ensure or warrant the security of any information we collect or store. In accordance with internal policies, Evorra promptly evaluates and responds to all security incidents as required by GDPR.
Evorra generally retains the non-personal user data we collect for all of our products and services for purposes of interest-based advertising for up to thirteen months from the date of its collection.
Evorra will review and update this Policy periodically in response to changing legal, technical and business developments. If we change the policy, we’ll provide notice by posting the new policy here, changing the date at the top, and indicating on our homepage that this Policy has been updated.
Ad Tech Glossary
Cookie: A cookie is a small file stored on your hard drive by your browser when you visit a website. This file helps recognise you and exchange information on your activities on this website.
Pixel Tags: A pixel tag is an invisible image or block of code that allows a website owner or third party to “drop” cookies and collect certain information about a user’s activities on a particular website.
IP Address: An IP address is a series of numbers that can be used to identify a particular device on a computer network. An IP address provides a general location of a device, but not a specific street address.
Advertising Identifiers: Advertising identifiers are unique identification numbers assigned to your mobile device by the hardware manufacturer. IDFA is the advertising identifier for Apple devices and AAID is the advertising identifier for Android devices. Advertising identifiers are used to identify devices and collect certain information about a user’s activities on a mobile device.
Hashed Email Address: A hashed email address is an email address that has been transformed into a string of numbers and letters such that it cannot be traced back to the email address. There are several hashing formats. But, for example, firstname.lastname@example.org, when hashed might look like this: 84838afd28b9215ea8d6f6247fb24b9cd7bc0811a234492374ec901ca095df03.