INTRODUCTION – WHO ARE WE?
BidBerry S.r.l., with registered offices in Pescara (PE), Via Falcone e Borsellino 26, Italy, VAT No. IT02509950693 (hereinafter, “Company” or “Bidberry”), is an international digital agency founded in 2019. By collecting and analyzing 3rd party user data from several sources around the web, BidBerry offers tools and tailored solutions to companies (advertisers and media agency) to turn high-quality data into revenue.
HOW TO CONTACT US?
– sending an e-mail to firstname.lastname@example.org or
– sending a registered letter with return receipt to the registered office of Bidberry (Pescara (PE), Via Falcone e Borsellino 26, Italy).
The Company has appointed Shibumi S.r.l. as its Data Protection Officer (DPO): email@example.com.
WHAT WE DO? – PROCESSING PURPOSES
We carry out media advertising activities, i.e. the sale of advertising space on sites and/or apps of publishers, our partners, accessible via desktop, smartphone and tablet (hereinafter, the “Device”): we have a third party role with respect to the website and/or mobile app from which you currently come from (hereinafter, “Websites”).
When you use and browse the Website, we install on your device cookies and/or other online identifiers, such as SDK, pixel and tag, to allow us to collect information that consents us to track Users’ consumer profile and make Users viewing advertisings that may be of interest for them, since complying with their preferences and consumer habits. Cookies are small text files that the websites visited by a User send directly to its terminal (usually, to the browser), where they are memorized to be transmitted to the same websites at the following visit of the same by the same User (so-called «first part cookies»). During the web surfing of a website, a User may receive on its terminal also cookies of other websites or of other web servers (so called «third-party cookies»); this happens because there may be elements on the visited website, such as images, maps, sounds, links to specific web pages of other domains that are on servers other than the server on which the requested page is placed. In other words, such cookies are set up on a website other than the one that is currently visited.
Bidberry by choice, only processes so-called pseudonymous data (i.e. data that will never allow us to identify you), only alphanumeric codes and never directly identifies you. Therefore, this means that we will never know the name, surname or email address of a user that has visited a Website. The data collected autonomously by the Company, as explained in this policy, may be combined also with other information which the Company may receive from third parties or other partner, with the only intent of deliver advertising campaigns more in line with the preferences of the users. The Company requests to these subjects to maintain reserved all the information shared and the Company will use this information only for the purposes described below. In order to do this, the Company enter into specific contracts with third parties and partners, and it requires these subjects to guarantee that they collected and process the data in compliance with the Applicable Law.
We process data in order to:
– profile Users and deliver basic or targeted advertising campaigns (or content) to users across devices;
– create pre-packaged audience segments;
– provide aggregated information about User interests;
– monitor, analyze and improve the effectiveness of online advertising campaigns (or online content);
– analyze, develop, improve and optimize our services;
– apply market research to generate audience insights;
– control and maintain the security of our systems.
WHAT DATA DO WE PROCESS?
When you visit a Website, the following is collected and used by Bidberry: Mobile advertising identifiers (Apple IDFA and Google AAID); Websites and content viewed; TimeStamp; User Agent; IP Address that is used only to infer non-personal data (e.g., non-precise geo-location data) and then deleted.
LEGAL BASIS – IAB FRAMEWORK
We will only process data if you provide your consent: the legal basis consists in Article 6, paragraph 1, lett. a) of the Regulation, that is the data subject has given consent to the processing of his/her personal data for one or more specific purposes.
For this reason – when you enter into a Website – the publisher requests your consent to the processing of your personal data: as technically we can’t do this, the owner of the Website also requests your consent on our behalf.
Bidberry takes the utmost account to the privacy rights and the protection of its Users’ personal information. For that and other reasons, Bidberry is part of the Transparency & Consent Framework of IAB Europe. Users may find more information here: https://iabeurope.eu/vendor-list/. In particular, Bidberry participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Bidberry’s identification number within the framework is 715.
LEGITIMATE INTEREST ASSESMENT
The following table aims to show that the subsequent processing of data collected with cookies and/or other tracking tools used by Bidberry on Websites, carried out by the Company under its legitimate interest, is disclosed to Users and is based under a prior legitimate interests’ assessment, as required under “The Transparency & Consent Framework (TCF)” of IAB Europe (hereinafter, “TCF”). In particular, as a controller under the TCF, Bidberry is required to justify the processing of personal data carried out under legitimate interest for “Special Purpose 1 – Ensure security, prevent and detect fraud, and fix errors” and for “Special Purpose 2 – Deliver and present advertising and content”. When assessing Bidberry’s legitimate interest, the interests of Bidberry as well as the interests of its publishers and its advertisers (and their respective intermediaries and agencies) were considered. In particular, the table below summaries Bidberry’s legitimate interest assessment.
||Context of processing. Users will receive notice of the subsequent processing and of the legal basis under which Bidberry processes the data through the Consent Management Platform (“CMP”), connected to the TCF, used by Bidberry’s publishers and/or advertisers on the Websites.
As required under the applicable law and the TCF, a balancing test was carried out by Bidberry in which it was confirmed that, having prior obtaining the consent of the user for the “Purpose 1 – Store and/or access information on a device”, the processing for the two subsequent Special Purposes at stake carries no risk of undue negative impact on the data subjects’ interests or fundamental rights and freedoms.
||Purpose of processing: Special Purpose 1 – Ensure security, prevent and detect fraud, and fix errors.
||Purpose of processing: Special Purpose 2 – Deliver and present advertising and content.
|Bidberry will subsequently process the data, collected through cookies and/or other tracking tools, only to:
- monitor for and prevent unusual and possibly fraudulent activities (for example, preventing that the clicks on an ads derive from the use of bots);
- ensure the systems and processes work properly and securely; and
- correct any problems Bidberry (or its clients or providers) may encounter in the delivery of ads.
Both Bidberry and advertisers will benefit from the prevention and detection of frauds (as, by way of example, this processing will avoid advertisers to pay for ads that were not delivered to human nor clicked by human). Both Bidberry and publishers will benefit from the fixing of errors encountered as this will increase the possibility of monetization of the publishers’ Properties without losing any valid traffic. Moreover, also the User will benefit from the processing at stake as Bidberry will be able to ensure data is securely transmitted, as well as it will be able to correct any problems that the User encounters in the delivery of an ad or in his/her interaction with the ad.
|Bidberry will subsequently use certain information (like an IP address), collected through cookies and/or other tracking tools, to ensure the technical compatibility of the advertising, and to facilitate the transmission of the ad to the User’s device. In particular, the said information will be used by Bidberry in order to:
- receive and respond to an ad request or to a User’s interaction with ad;
- delivery of ad-files to an IP address or send the User to a landing page; and
- logging that an ad was delivered, without recording any personal data about the User.
Both Bidberry and the advertisers benefit from the processing activities at stake, as Bidberry shall be able to deliver the ads as requested by the advertisers. At the same time, being able to deliver the ad to the Users will benefit the publishers as their intention is to monetize the advertising spaces available in the Properties. Finally, also the Users will benefit from this processing activity as Bidberry will be able to provide a response to a request deriving from the Users’ devices (such as a click on an ad).
||The intended processing is necessary and proportionate for the purposes and interests explained above considering that Bidberry is not allowed to use the data for any other data processing operation allowed under a different purpose of the TCF (such as improving its system). There are no less intrusive alternatives that use less, or no, personal data as the use of personal data is necessary in order to carry out the purpose specified.
||The intended processing is necessary and proportionate for the purposes and interests explained above considering that Bidberry is not allowed to use the data for any other data processing operation allowed under a different purpose of the TCF (such as logging personal data about the user to which an ad was delivered). There are no less intrusive alternatives that use less, or no, personal data as the use of personal data is necessary in order to carry out the purpose specified.
||Taking into account the nature and purposes of the processing, it is possible to affirm that risks for Users to their rights and freedoms are very low. In particular, among the others, Bidberry evaluates the following aspects:
- Nature of the data: no special category of personal data is processed, Moreover the data does not contain precise location data nor demographic or psychographic information. The data processed are pseudonymised, thus there are less privacy risky, considering that Bidberry does not know the real identity of a User;
- Data subjects’ characteristics: Bidberry does not voluntary collects data pertaining to vulnerable population (such as children).
- Data subject’s reasonable expectations: a reasonable person would expect the processing in light of the particular circumstances. Moreover, Users are informed about the processing through the CMPs’ user interfaces.
- Effects on availability of a service: the processing activity carried out by Bidberry has no effect on the availability of the service offered to Users by the publisher of the Website.
There are also other mitigating factors:
- Recital 47 of EU Regulation 2016/679 explicitly states that fraud prevention and direct marketing may represent legitimate interests of the controller;
- The prevention of fraud, the misuse of services, IT and network security are some of the most common contexts, in which the issue of legitimate interest may arise according to Article 29 Working Party (Opinion 06/2014 on legitimate interest);
- According to the “Report of the work undertaken by the Cookie Banner Taskforce”, adopted by the European Data Protection Board on 17 January 2023, “Concerning the subsequent processing activities undertaken by the controller of data, meaning the processing which takes place after storing or gaining access to information stored in the terminal equipment of a user in accordance with Article 5(3) Directive 2002/58/EC (for example, the placement or reading of cookies), the delegations confirmed that the applicable framework is the GDPR (including to consent, even if given at the same moment of the placement of cookies, as far as this consent constitutes the legal basis of the subsequent processing), in line with the conclusions of EDPB Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR”.
In conclusion, considering that (i) the TCF specifies two Special Purposes, that Bidberry needs to fulfill in order to i) technically be able to serve ads over the network to an IP address, and ii) ensure security and fix errors; and (ii) the only legal basis that is applicable to these Special Purposes under the TCF is the legitimate interest, Bidberry is going to carried out the processing activities (“Special Purpose 1 – Ensure security, prevent and detect fraud, and fix errors” and “Special Purpose 2 – Deliver and present advertising and content” of the TCF) to achieve the abovementioned benefits for ourselves and others (such as Bidberry’s advertisers and publishers), considering that there are no risks nor impacts on Users and Bidberry believes its interests outweigh those interests of the Users.
WITHDRAW YOUR CONSENT – OPT-OUT
We also point out that if You would like to opt-out, You have alternative options. Modify browser’s settings: There are several options to manage, disable and remove the cookies. Users can follow the instructions provided by their browsers’ producers to discover how to manage, disable or remove all the cookies (technical, analytics and profiling):
– Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies;
– Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB&p=cpn_cookies;
– Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences;
– Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac;
– Opera: https://help.opera.com/en/latest/web-preferences/.
Use our interactive instruments or those provided by Bidberry’s Partners: in order to disable Bidberry’s profiling cookies, Users can simply use the following interactive tool: https://www.bidberrymedia.com/optout/
Users’ choice to oppose to the use of such cookies will not have any consequences on the possibility to surf on the Website and to use its functionalities and could be revoked by Users at any time whatsoever by using the same button.
In order to disable the cookies, if any, of Bidberry’s Partners, please see the privacy policies of those third parties (paragraph 7 below) in order to know the other instruments available to Users for managing, disabling and removing cookies and, more in general, to oppose to their use.
Please be reminded that, by disabling third-party cookies: (i) Users are opposing to their use not only on the Website, but on all the Internet websites on which such cookies are used; and (ii) the possibility to surf on the Website and use its functionalities will not be jeopardized in any manner whatsoever. When Users disable the third-party cookies, Users will however display the banner on the cookies on the Website’s home page; but, in such event, closing the banner and surfing the home page or clicking an element whatsoever outside the banner, Users will not receive any third-party cookies duly disabled.
Use the website www.youronlinechoices.com: Your Online Choices is an Internet website managed by the non-profit organisation European Interactive Digital Advertising Alliance (EDAA), the English version of the same is available at the address www.youronlinechoices.com/ , providing information on the behavioural advertisings based on profiling cookies (www.youronlinechoices.com/uk/about-behavioural-advertising) and allow the Internet users to oppose easily (opt-out) to the installation of the main profiling cookies installed by the marketing operators and used on Internet websites (www.youronlinechoices.com/uk/your-ad-choices). Before using this instrument, we hereby recommend Users to read carefully the general terms and conditions of the site Your Online Choices (www.youronlinechoices.com/uk/terms-conditions), the frequent asked questions (FAQ) (www.youronlinechoices.com/uk/faqs) and the users’ guide (www.youronlinechoices.com/uk/opt-out-help)
DATA SHARING AND BIDBERRY’S PARTNERS
We may share information that is non-personal or pseudonymised with other clients and third-party companies such as advertisers, agencies, ad networks or exchanges, to enable our clients and those third parties to analyze online behaviors or to customize the ads that data subjects see online. We inform You that information relating to You may be acquired and processed also by some of our partners (hereinafter, “Bidberry’s Partners”), through dedicated tools installed when you browse the Website. Here is a list of Bidberry’s Partners:
||Bidberry’s Partner Privacy Notice
To disable the above profiling identifiers, change the settings of your device, or visit the privacy notice of Bidberry’s Partners.
Users’ personal data will be retained for 365 days, unless a User has opted out, for the time strictly necessary to carry out the relevant purposes described in the previous paragraph 3, and in any case for the time necessary for the protection of the civil interests of the Users and of the Company.
PROCESSING METHODS, DATA DISCLOSURE AND DISSEMINATION
The Company acts as the data controller of the processing of the abovementioned data, in accordance with the provisions of Applicable Law, with state-of-the-art security measures, such as the use of sophisticated pseudonymization techniques: no personal data will ever be visible to Bidberry as “cleartext”. We will only process your data by electronic means, in a fully automated manner and, for the most part, without human intermediation. Therefore, our employees and collaborators will never access the contents of your personal data. Some of our employees and collaborators, appointed by us as persons in charge of the processing, may carry out maintenance work on the computer systems that host your data, without ever being able to access their actual contents. Personal data may be stored on servers managed by third parties (e.g. suppliers of computer systems) or may be managed by persons specializing in on-line advertising, who act as data processors on the basis of a written appointment by the Company.
All processing activities are carried out with systems strictly related to the purposes themselves and, in any case, to ensure the security and confidentiality of the data.
Bidberry hereby informs Users that, complying with the requirements and the guarantees provided under the Regulation, Users’ personal data could be transferred to countries outside the European Union that could not guarantee a level of privacy and personal data protection equal to the level of protection guaranteed by the Regulation, but as data controller Bidberry takes the utmost account of the right to security and protection of personal data of Users, therefore Bidberry will process such transfers with all due care and guarantees. In particular, the personal data of Users may be transferred outside the European Union and, in that case, Bidberry will ensure that the transfer will take place in accordance with the Applicable Law and, in particular, in accordance with Article 45 (Transfers on the basis of an adequacy decision) and Article 46 (Transfers subject to appropriate safeguards) of the Regulation. Users’ personal data will not be transferred to third parties, nor will be disseminated.
DATA SUBJECTS’ RIGHTS
Users may exercise their rights granted by the Applicable Law at any time by:
sending an e-mail to firstname.lastname@example.org or
sending a registered letter with return receipt to the registered office of Bidberry (Pescara (PE), Via Falcone e Borsellino 26, Italy).
The Company has appointed Shibumi S.r.l. as its Data Protection Officer (DPO): email@example.com.
Pursuant to Applicable Law, the Company informs that Users have the right to obtain indication (i) of the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the data controller and processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to aware of them as processors or agents.
Furthermore, Users have the right to obtain:
a) access, updating, rectification, or, when interested, integration of data;
b) the cancellation, transformation into anonymous form or the blockage of data processed in breach of the law, including data that does not need to be stored in relation to the purposes for which the data was collected or subsequently processed;
c) certification to the effect that notification has been supplied of operations as per letters a) and b), as regards their content, to those to whom the data was communicated or disseminated, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.
Moreover, Users have:
a) the right to revoke consent at any time, if the processing is based on their consent;
b) (when applicable) the right to data portability (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device), the right to limit processing of personal data and right of deletion (“the right to be forgotten”);
c) the right to oppose to:
i) in whole or part, for legitimate reasons, the processing of personal data relating to you for legitimate reasons even pertinent to the purpose of collection;
ii) in whole or part, the handling of personal data for the purpose of sending advertising or sales materials or for the carrying out of market research or for commercial communication purposes;
iii) if personal data is processed for direct marketing purposes, at any time, to the processing of data for this purpose, including profiling in so far as it is related to such direct marketing.
d) if it is deemed that the processing concerning their personal data violates the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Authority, with registered offices in Piazza Venezia No. 11, 00187 – Rome (http://www.garanteprivacy.it/).