How we care about your privacy - introduction

Internet BillBoard a.s. is a company developing computer programs and applications. Web site owners and publishers can use those applications to deliver advertising into their web pages. By doing so, they are earning the funds necessary to run their web sites – to create the web pages, to collect and process the information they present, etc.

We, as Internet BillBoard, cannot avoid working with and/or processing personal data – i.e. data which can be directly or indirectly linked to a physical person, such as you. In most cases we can’t identify those persons or you. We can’t tell what your name or social security number is, where exactly you live and so on.

Yet, because there is a – rather theoretical – possibility that, for example, a court, the police, etc. could order the linking of our data to data from third parties, which could lead to disclosing your identity, your name, etc., we treat all these data as of high importance to you, as your personal data, according to the EU’s GDPR directive.

That means that we only store what we absolutely, necessarily have to store for the various purposes we list on these pages. We only store those data for the time it is really needed. And we do our best to protect those data in such a way that, even if they leaked, they would be of no use to anyone and so would have no negative consequences for you.

For example, where possible, data are encrypted so that un-authorized persons cannot read them. Only those employees whose access to the data is needed for the performance of their jobs have access, and all those employees are trained in how to work with personal data.

These pages provide all the information about the data we process and for what purposes. You will also find here information about what you can do if you have any complaints about the processing of your personal data.

Internet BillBoard respects your choice and your privacy.

Please continue reading about

What data we consider to be personal

According to law, personal data are any data which are or can be linked to an identifiable, physical person.

Although we usually do not work with names, surnames, social security numbers and similar data which could directly identify a physical person, we do work with other data which, indirectly, could help identifying him/her. This is a list of such data:

IP addresses

Whenever you try to visit a webpage in your browser, your computer begins to exchange data with the computer which serves the web page.

We (humans) need addresses and zip codes to precisely deliver our letters and parcels. Computers need some addresses as well. Each of them is assigned a unique, so-called IP address, which other computers can use to send data to it. It is like a computer-specific ZIP code.

IP addresses may look like this: 192.168.45.12

As you can see, it is not a real address of your flat or house, but merely a number which computers can easily process. Without IP addresses, the internet as we know it would not work.

Although we at Internet BillBoard cannot figure out much from the IP address of your computer, European courts previously decided that it is necessary to consider IP addresses as personal data. This is because, if linked to the data recorded by internet providers (by law), the authorities such as the police or court could derive your address or identity from it.

It is important to understand that almost all internet pages are in fact built from many smaller pieces, similarly to a jig-saw puzzle. Each of these pieces may be processed and delivered by a different computer (server). Thus, when visiting a single web page, your IP address is necessarily revealed to many different computers, potentially in many different parts of the world.

In the case of our clients (publishers), the web page can consist of its main content, such as an article or video, and of advertising slots. If you enter such a page, your IP address will be revealed to computers of our client as well as to ours.

Unless necessary, we do not store full IP addresses. For example, we drop the last number from it. This effectively disables anyone from linking it to your computer. It is similar to dropping the last digit from a ZIP code. We would still deliver to the right city, but not a right street or home.

Yet this measure is not always possible. Sometimes, such as to find an attacker, we need a full IP address.

In cases where we process a complete IP address we treat it and all the data linked to it as personal data.

There is no way for you to avoid transmitting your IP address, as it is required for the internet to work as it works. If you wished, you could hide your true IP address behind some other one using a dedicated service. Yet even those services will see your true IP address.

Web page readers’ identifiers

Whenever your web browser talks to other computers in the WWW (the servers), these computers can ask it to store a short string of data in your computer. It’s like asking: “Hey, could you please store this for me for a while?” This can help websites to remember important information they need to improve your user experience.

For example, it can be used to remember that you have already logged in and so you don’t have to provide your credentials again. It can be used to store your color preferences, preferred text sizes and other personal choices, etc.

Internet BillBoard uses it to store your unique identifier. Find out why it is useful for you and us.

This identifier may look like this: BBID-12345678901234567

So, we can’t tell what your name or address is, but we can tell that we have seen such an identifier previously, on another web site for example.

Please read how we use this identifier. We are sure you’ll find out it is in fact useful for you as well.

Your current identifier is:

You can, at any time you wish, change this identifier. By doing so, you can force us to forget everything about you, because you will remove the only existing link between you and the data.

Even though it is very difficult for us to link this identifier with you as an identified, physical person, we still treat all the data which contain this identifier as personal data.

If you wish, you can also read how we store the identifier, how to prevent it and how you can delete it.

Why we collect personal data

We collect personal data for two main reasons :

  • we need them for our own purposes and work
  • they are necessary to fulfill the needs of our clients

This is a list of actual purposes for processing personal data which might affect you.

Why Internet BillBoard needs your personal data

Most of the data we are collecting, we are collecting for our clients. Yet, in certain cases, we collect data for our own purposes. In such cases, we are considered to be “data controllers” by the law. This is a list of our own purposes for collecting data:

Enhancing our website

As with every business, it is important to us to understand whether our website is comprehensible, easy to use and whether it helps us to gain new customers. This is why we collect information about the user journey, about the entry points, about the time spent by the users on the website, etc.

This information is only stored for 3 months. We are convinced that we can legally do so as it is our legitimate interest.

Security

Not all internet users visit us in good will. Hackers and others never sleep. This is why we store information about accesses to our websites and services – to help us disclose and prevent different kinds of attacks. It is also important to protect the other data we process. We store data about access frequencies, which computers are accessing us, which browsers, etc.

This information is only stored for 3 months. We are convinced that we can legally do so as it is our legitimate interest.

Why we think these data are personal

Simply because they contain the IP address of your computer.

Why we collect personal data on behalf of our clients

Our clients use programs and applications we develop to deliver advertising to their websites, video players, mobile applications, etc. For the vast majority of them, this is the way they collect funds to finance these websites and to keep them accessible for free. Without advertisements, like it or not, these websites would cease to exist. And our society would lose the variety of choice and opinions.

One can nowadays hardly imagine a cellular phone without the possibility to send and receive SMS. The same holds true for internet advertising – there is a set of features that everyone expects.

Any advertiser, buying an internet advertisement, expects data like:

  • How many different internet users saw my ads?
  • How often and how many times they saw them?
  • Which cities, counties, states were they from?
  • What browsers did they use?
  • When did they see the ads?
  • And so on…

You, as web site readers or consumers, probably do not want to be annoyed with the same ads all the time. Or with ads which are completely irrelevant. The advertisers paying for the ads also do not want to spend their money to deliver ads to people who consider it irrelevant.

This is why it is important for our clients that we process some personal data on their behalf. Below is the list of all the concrete purposes we process the data for.

We are convinced that doing so is a legitimate interest of our clients. Yet, you have the right to object to that. Please check what your rights are.

Limiting the count and frequency of ads

Neither you nor the advertisers have any interest in flooding you with the same ad all the time.

This is the reason why we have to remember which ads you have seen already, how many times and when was the last time. For this purpose, we use unique reader identifiers or cookies.

We store this data for 3 months from your last contact with advertisement that was processed by our systems.

Description of the advertising inventory

To be able to sell an advertisement, our clients must be able to describe the qualities of the advertising inventory they are offering – in other words, to describe who will see the ads.

On TV, the ads with a wider audience, with many people seeing it, are more expensive. On the internet, it is also important how many different people will see your ads.

That is why we use unique reader identifiers to count statistics about, e.g.:

  • How many different readers (users) can see an ad of a particular size
  • How many different users there are in some geographical region
  • How many users use different kinds of browsers
  • And so on…

These data are, when reported back to our clients, aggregated for many users and so it is not possible to derive any information about a particular user, such as you, from them.

We store this data for 3 months from your last contact with advertisement that was processed by our systems.

Description of campaign results

If an advertising campaign is sold to the advertiser by our client, promising that it will be delivered to e.g. 100.000 unique users, it is also important to prove afterwards that it was so and that the advertiser’s money was spent effectively.

That is why we use unique reader identifiers to count statistics about, e.g.:

  • How many different users saw a concrete ad
  • When…
  • Where (on which site…)
  • And so on…

These data are, when reported back to our clients, aggregated for many users and so it is not possible to derive any information about a particular user, such as you, from them.

We store this data for 3 months from your last contact with advertisement that was processed by our systems.

Automated sales of advertising

On behalf of our clients (publishers), we offer the available advertising space into auction. The bidders are third parties (the advertisers or agents acting on their behalf).

Advertising partner Partner Company name Privacy settings
Stroeer SSP Ströer SSP GmbH Link
Adform Adform A/S Link
Google DBM Google Ireland Ltd. Link
BidSwitch BIDSWITCH GmbH Link
Crimtan Crimtan Holdings Ltd. Link
RTB House RTB House S.A. Link
Colpirio Colpirio s.r.o. Link
Clickonometrics Clickonometrics Sp. z o.o. Link
Go.pl Go.pl Sp. z o.o. Link

While offering the advertising space to those third parties, we are describing it using data which should be considered personal. Please, take the time to read the details.

Shares of various companies are today rarely sold as we picture it based on the Wall Street movies. It is rather computers than people who are making the deals. The world of internet advertising has developed into a similar thing.

Whenever you visit a website of our client, we will offer on their behalf the ad spaces in the web page to potential future advertisers in a way similar to the following:

„A reader known to you under identifier abc123XYZ has just visited a page S which is hosting an ad space of dimension WxH. Are you interested? How much do you offer?“

We will choose the best offer made. Then, we will compare it with the ads already sold by our client directly. We will again choose the best one and display it.

We consider this to involve personal data because, as part of the offer made, we are also exposing your IP address and sometimes also your unique reader identifier.

If we did not do that, it would be impossible for the advertisers not to display the same ad to you all the time. It would be impossible to describe the campaign results (how many different users have seen my campaign?), etc. That is why we believe it is a legitimate interest of our clients – or clients of other clients.

All third parties taking part in the auction are subject to the same regulation with respect to the handling of personal data as we are (GDPR). They cannot legally use your data for any other purposes.

We store this data for 3 months from your last contact with advertisement that was processed by our systems.

Avoiding fraud

Not every internet user is, unfortunately, honest. There are persons and companies who are trying to earn money in an unfair way, by pretending to display ads which are never seen by anyone etc. That is why we have to process some personal data, such as IP addresses, and related technical data about the computers to which we deliver ads, the browsers used, etc. We need them to protect against fraud.

We store this data for 3 months.

Ad targeting

Some advertisers have specific demands with respect to which readers should or should not see their ads. For these reasons it is sometimes necessary to use some personal data.

It is specifically for these kinds of targeting:

  • Only readers connecting to the internet from some city, county, country etc. (requires processing of an IP address)
  • Only readers connecting to the internet from a particular company (requires processing of an IP address)
  • Only readers who have seen, or haven’t seen, a previous advertising campaign of the advertiser. (requires processing of unique reader identifier)
  • Only readers who, for example, bought a TV set on advertisers site within the last month (requires processing of unique reader identifier)

From an IP address, it is possible to derive a city or country a reader is connected from.

We remember which readers, with a unique reader identifier, have already seen which ads.

Our clients, or their clients, can label readers with a unique reader identifier with any kind of labels. For example, the label „A89F“ may mean “a reader who bought a TV set”. Then, the advertiser can use these labels to only target users who were previously labeled or vice versa.

We store this data for 3 months from your last contact with advertisement that was processed by our systems.

Your rights in relation to the processing of personal data

Because we are processing most of the personal data on behalf of our clients, you should, from a legal perspective, primarily contact them in the event you have any objections or comments. Assuming you have come to us from a client website, you should contact that website’s owner first.

If you are unsure or have any doubts, feel free to contact us. In cases where your inquiry pertains to someone else, we will try to help you to reach the right party.

In any case where we are processing your personal data for our own purposes, don’t hesitate to contact us should you have any comments, requirements, etc.

In general, you have the following rights as the “data subject”, i.e. the person who’s data are being processed:

  1. If there is a legal requirement for your consent to the processing of your data, you have the right to revoke your consent at any time.
  2. If Internet BillBoard is a “controller” of your data – i.e. if we process it for our own purposes – you have the right to have access to your personal data and to demand their correction.
  3. You also have further rights like – right to erasure of your data, right to restrict the processing, right to object to processing for marketing reasons, right to transfer your data.
  4. You have the right to disagree with the processing of your personal data.
  5. You have the right to object at the appropriate state authority responsible for data protection (UOOU).

Please note that most of these rights are subject to various conditions, some of which were mentioned above.

We have tried to explain here why we need to process your personal data. If there is a legal requirement for your explicit consent, (http://www.ibillboard.com/en/privacy-information/#terms-glossary) you are NOT obliged to give it to us. If you decide to give us your consent, you are always entitled to revoke it, at any time.

Please note that there are legal reasons for processing your personal data, which do not require your consent. For example, we might have a legitimate interest in processing some personal data for data security reasons. In these cases, we are still obliged to inform you about the purposes of this processing. This is what these pages are about.

If you revoke your consent, we will cease processing your personal data for purposes that require that revoked consent.

If you wish to revoke your consent to the processing of your personal data, you can do that by:

  1. e-mailing us to gdpr@ibillboard.com
  2. by delivering in writing to our address at: Internet BillBoard a.s., Beethovenova 2, Opava, 74601, Czech Republic

In case of any question or inquiry related to personal data protection, consent revocation, or in case of any complaints, please contact us also using the contact described above.

Please note that we have to make sure that we are actually discussing your personal data – that they belong to you. It is not necessarily easy, because we do not have any direct tools to connect our data to a particular, physical person. We do not know whether a particular unique reader identifier belongs to Jan Novak or John Doe.

That is why the easiest way might be just to make us forget everything about you.

Glossary of Terms

Please note that these are not the exact legal definitions. We are rather trying to explain them in a plain, understandable language.

Legitimate interest

GDPR directive provides multiple legal grounds for the processing of personal data. One of them is legitimate interest. It basically means that we have a very good reason for processing your data, while doing so does not unduly harm your rights or interests.

For some processing purposes, the GDRP directive demands an explicit, informed consent of the data subject, i.e. you. It is mostly in cases where you might not expect such processing, or where processing your data might have unwanted, adverse consequences for you, your rights and your life.

In relation to internet advertising, it is mostly the case where your data are used to build your “profile” – such as what gender you might be, what your interests are, etc. Internet BillBoard passes on your consent (or a lack thereof) to all the cooperating third parties. They are obliged to respect your choice as much as we are.

Controller

A Controller of personal data is someone who decides which personal data needs to be processed (if any) and for which purposes. The Controller can hire a third-party for the processing of such data, which then can process it in their name. This third party is called Processor

Processor

A Processor of personal data is someone who, in the name of the controller, processes personal data. The Processor therefore only fulfils the will of the controller, and has no interest in processing this personal data for himself.