Product Privacy Policy

Last update 19 January 2024

This Product Privacy Policy (“Policy”) explains how Evorra Limited (“Evorra”, “we”, “us” and “our”) collects, uses, shares, sells information, including Personal Information, we receive from or collect on behalf of our business customers or data providers and their users (“you” and “your”) in connection with their access to and use of the Evorra Products and Services described in the next section.

“Personal information” is information that identifies an individual or relates to an identifiable individual and includes ‘personal data’ as that term is used in the European Union’s General Data Protection Regulation.

This Policy applies only to information that we process on behalf of our customers (where we act as a ‘data processor’ or ‘service provider’) in connection with our Services. This Policy does not cover any information we collect or process from our own corporate website, which are covered by our site privacy notices available here.

If you have any questions or concerns regarding this Policy, or if you wish to obtain a copy of your personal data that we are processing as part of our Services (sometimes referred to as a Data Subject Access Request),  you may write to us at dpo@evorra.com or by mail to: Data Protection Officer, Evorra Ltd., 85 Great Portland Street, London, England W1W 7LT.

iab Transparency and Consent Framework badge

About Evorra’s Products

Evorra is a technology company building products to help companies, marketers, advertising agencies and publishers manage personal data securely and deliver relevant advertisements to people based on their interests, activities and behaviors.

We understand the importance of a data privacy policy that is transparent and protective of Personal Data in the operation of our business. We do not use information that directly identifies anyone as a specific person (ex. name, address, email address or phone number), but we may use pseudonymised personal information as described below.

Evorra Products and Services consist of the following:

  • Evorra’s clients can use data available on the platform to reach the right online audiences for their products and services. We license data coming from data providers connected to the platform (mostly website and app owners).
  • Evorra’s clients use this data to create segments associated with certain interests, behaviors, and attributes (for example, an interest in travel or an interest in sports). These data segments are associated with identifiers and shared with media activation channels, so that clients can send relevant advertisements to consumers on their computers, phones, and other mobile devices.
  • Evorra’s clients and providers can transfer and organize marketing data related to their customers from their own sources – including client websites, mobile applications, CRM systems, and data partners. We provide the tools that facilitate our clients’ collection of this marketing data.
  • Evora’s clients can match and enrich their data with First Party Data available on the platform so as to generate marketing insights on a given user population. We provide the tools that help clients generate these insights.

Evorra acts as a ‘data processor’ or ‘service provider’ in processing data on behalf of and at the direction of those clients and providers.

What Information We Collect and How We Collect it

Evorra collects and receives information on behalf of its clients and providers, including First Party Data, for use in its Services. Evorra collects Data via many methods, including cookies, pixel tags, secure file transfers, and server to server connections. Evorra pixel tags generally appear as “third party tags”. These methods allow Evorra to collect information from websites that Evorra does not own or operate.

The following information is collected and used by Evorra to provide its Services:

Demographic Information like Age band and Gender

Online Behavioural Information which may be used to determine your interest and intents:

  • Websites and content viewed
  • Mobile applications used
  • Date and time of visits
  • Frequency of visits
  • Search terms used on a website
  • Purchase and shopping events for retail websites
  • Browsing events for content websites

Technical Identifiers which may be used to identity your device:

  • Cookies
  • Mobile advertising identifiers (Apple IDFA and Google AAID)
  • IP address
  • Non-personal data inferred from an IP address, such as non-precise geo-location data
  • Any additional ID that are making sense for our clients and sub-processors we are integrated with

Personal Information that has been de-identified or pseudonymised

Evorra may use personal information that has been de-identified, typically by using a mathematical process (commonly known as a hash function) to convert information into a code. We use that de-identified data to provide our Services (including to connect your activity and interests).

How We Use Your Information

Evorra analyses the information it collects and receives, extracts user profiles and attributes such as age, gender, geography, interests, online shopping and browsing events. Our clients and partners then can use the Evorra-created user profiles to create custom user groups and audiences to support targeted advertisement to these users on their computers, phones, and other mobile devices. Clients can join de-identified data coming from other websites or mobile apps with their own First Party Data when using Evorra’s Audience Builder or Audience Match and Insights.

Evorra uses the information it collects and receives to:

  • Determine the overlap in different data sets
  • Offer a global view on user interests
  • Create statistical models based on selected criteria

Evorra’s clients generally use Data to:

  • Deliver targeted advertising campaigns to users across devices
  • Serve targeted content to users across devices
  • Create data-driven marketing products, including models

Using the Transparency Consent Framework terminology we will need your consent for the following purposes and features, Stacks are grouping consistent purposes (we cannot deliver our services if we collect only one of them):

Purposes
Purpose 1. Store and/or access information on a device When our Pixel tracker is deployed, we install a cookie on your device(s) to recognise you as you come back to a given Web site.

Stack 8. Personalised ads and ad measurement This stack groups p2. Select basic ads, p3. Create a personalised ads profile,  p4. Select personalised ads, p7. Measure ad performance.

We build and enrich a profile representing your interests. This profile is used to create specific user groups or audience segments.

We pass on specific user groups or segments to Demand Side Platforms so they can select and display personalised ads to you.

We collect figures so as to measure the quality of these audiences and improve their quality over time.

p9. Apply market research
to generate audience insights

We offer some marketing insights on the audiences built on the platform.
p10. Develop and improve products

We use de-identified data for internal tests and to evolve our products.

 

Features
f1. Match and combine offline data sources Evorra offers the possibility to combine online data and offline data coming from our providers (for instance CRM data) or coming from 3rd parties for enrichment purposes (for instance weather information associated with a given location).

f2. Link different devices Your profile will capture your interest across all your devices.

f3. Receive and use automatically-sent device characteristics for identification Your device might be distinguished from other devices based on information it automatically sends, such as IP address or browser type.

How We Share Your Information

In addition to sharing certain data as directed by clients, we may share information that is non-personal or pseudonymized with other clients and third party companies such as advertisers, agencies, ad networks or exchanges, to provide services to our clients and to enable our clients and those third parties to analyze user behaviors or to customize the ads that you see online. In addition, we may provide access to information we collect to other service providers, but to the extent we have any personal information we only share personal information with service providers who will only utilize the information to provide their services to us or for our clients.

We maintain the list of partners with whom we share your information in a separate document, available online. This document will be updated independently of this Policy, the date at the top of the document indicates the last revision.

If our company is sold, assigned, transferred, merged, files for bankruptcy protection, sells all or a portion of its assets, or undergoes some other change to its corporate form, information may be transferred as part of that transaction or change, including in connection with a due diligence process. We may also release information in order to comply with requests from law enforcement, government agencies, and similar entities, or to otherwise protect Evorra, our clients and users.

Evorra does not collect information or share audiences classified by the General Data Protection Regulation as Sensitive Personal Data.

Evorra does not generate audience segments that are targeted to children under the age of 16.

Consumer Choice and the Ability to Opt-Out

Evorra provides you with the ability to opt-out of the collection and use of your information for interest-based advertising for all of Evorra’s Services. This means that Evorra, and any clients that utilize data collected by Evorra using a Evorra pixel tag or similar technologies, will not be able to use your data, past or future, for online interest-based advertising purposes.

Evorra is following the Transparency Consent Framework v2.0 policies and is an approved member of the TCF Global Vendor List. Evorra, and our purposes and features, should appear in the standard consent form that a Consent Management Platform will present to you when you visit a particular Web Site. Any change in this consent will be forwarded to Evorra and we will make sure your data, past and future, is no longer processed if you opt-out.

You can also opt-out of the collection of data across unaffiliated sites over time for Interest-Based Advertising and other purposes from companies participating in the Digital Advertising Alliance Consumer Choice Page at www.aboutads.info/choices and from members of the Network Advertising Initiative via www.networkadvertising.org/choices.

In Europe, you can opt-out via the IAB Europe’s industry opt-out at www.youronlinechoices.eu.

You can also opt-out of Evorra’s database here.

Evorra has certain responsibilities as both a data controller and a data processor under the European Union’s General Data Protection Regulation (“GDPR”), which applies to all countries in the European Economic Area (EEA) and under the UK’s Data Protection Act 2018 . We operate according to the principles of “privacy by design”.

We have appointed a Data Protection Officer.  We have also appointed an EU representative (Spotazur SAS, c/o Aaron Ritoper, 2 Rue Eugene Emanuel, 06000, Nice, France) in accordance to Article 27.  

If you wish to obtain a copy of your personal data that we are processing as part of our Services (sometimes referred to as a Data Subject Access Request),  you may write to us at dpo@evorra.com or by mail to: Data Protection Officer, Evorra Ltd., 85 Great Portland Street, London, England W1W 7LT.

We are committed to conduct as we grow:

  • Privacy Impact Assessments
  • Internal and external trainings on GDPR
  • Implement Standard Contractual Clauses for transfers of online advertising and measurement of personal data out of the European Economic Area, Switzerland, and the UK.
  • Maintain our membership with the IAB Global Vendor List for the GDPR Consent Framework
  • Develop appropriate policies around security, data access, and breach procedures, which collectively implement an ISO 27001-certified Information Security Management System

Evorra is a U.K. company.  Local/regional storage and processing of data occurs based on applicable laws and data provider requests.  We may transfer information to sub-processors based in the United States. We will use sub-processors compliant with our standard contractual clauses.

EEA and UK residents have the right to request certain information from Evorra, including without limitation, the right to ask what personal data Evorra has processed, and the right to ask that Evorra correct this personal data if you believe it to be inaccurate.  Please contact us via email or our physical mailing address noted in the 4th paragraph of this Policy.

EEA and UK residents have the right to lodge a complaint with a single supervisory authority, in particular in the country of his or her habitual residence, and the right to an effective judicial remedy in accordance to the EU or UK GDPR if the you consider your rights under GDPR are infringed or where the supervisory authority does not act on a complaint, partially or wholly rejects or dismisses a complaint or does not act where such action is necessary to protect your rights.

Evorra may be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Security, Confidentiality and Retention

Evorra has implemented (and requires its sub-processors or sub-contractors to maintain) appropriate physical, administrative, and technical measures that are designed to help protect the data that Evorra collects or receives in connection with its Services from unauthorized access, disclosure, or modification. However, no security procedures or protocols can be guaranteed to be completely secure and we therefore cannot ensure or warrant the security of any information we collect or store. In accordance with internal policies, Evorra promptly evaluates and responds to all security incidents as required by GDPR.

Evorra generally retains the non-personal user data we collect for all of our products and services for purposes of interest-based advertising for up to thirteen months from the date of its collection.

Privacy Policy Changes

Evorra will review and update this Policy periodically in response to changing legal, technical and business developments. If we change the policy, we’ll provide notice by posting the new policy here, changing the date at the top, and indicating on our homepage that this Policy has been updated.

Ad Tech Glossary

Cookie: A cookie is a small file stored on your hard drive by your browser when you visit a website. This file helps recognise you and exchange information on your activities on this website.

Pixel Tags: A pixel tag is an invisible image or block of code that allows a website owner or third party to “drop” cookies and collect certain information about a user’s activities on a particular website.

IP Address: An IP address is a series of numbers that can be used to identify a particular device on a computer network. An IP address provides a general location of a device, but not a specific street address.

Advertising Identifiers: Advertising identifiers are unique identification numbers assigned to your mobile device by the hardware manufacturer. IDFA is the advertising identifier for Apple devices and AAID is the advertising identifier for Android devices. Advertising identifiers are used to identify devices and collect certain information about a user’s activities on a mobile device.

Hashed Email Address: A hashed email address is an email address that has been transformed into a string of numbers and letters such that it cannot be traced back to the email address. There are several hashing formats. But, for example, marc@evorra.com, when hashed might look like this: 84838afd28b9215ea8d6f6247fb24b9cd7bc0811a234492374ec901ca095df03.

Evorra