We collect Personally Identifiable Information (PII) on www.smrtconnect.com when you voluntarily provide that information to us, for example when you complete an online form, register, access your account, enter billing preferences or email us PII information. This information is used to
We collect aggregate or non-PII information that may include your IP address, pages viewed, time spent, events triggered, browser used, computer's operating system, internet service provider (ISP), referring URL, time and date of your visit, etc. This information is collected passively using standard web server logs, cookies and web beacons (also know as 1x1 pixels). This information is used to improve, operate and maintain our site, services, systems and resources. We may use and disclose aggregate information, and other non-personally identifiable information, for various purposes.
We use cookies and web beacons to collect aggregate non-PII data that is used to improve, operate and maintain our site, services, system and resources.
Our site contains links to third party websites or services that we do not own or operate. Our privacy policy does not apply to any of these third party website or services and we cannot be responsible for their privacy practices.
If you would like us to delete any PII that you have provided us please email us a request to remove your information at dpo@smrtConnect.com and we will process your request within a reasonable period of time.
We provide online advertising services to our clients in the programmatic advertising environment. Our solution is used by advertisers to display ads of their products or services on publishers’ websites, mobile applications, connected TVs or digital out of home devices. Some of our ads are personalized, i.e., based on the information on your previous online activity. We display to you the ads of those advertisers whose websites or apps you had visited in the past (a service known as retargeting) or ads that we believe otherwise match your current shopping interests. In order to serve personalized ads, we process certain information related to your online activity that helps us understand what your current shopping interests might be and allows us to display an ad and analyze how it performs. While doing so, we aim at ensuring the highest level of privacy protection and transparency. We strictly comply with all applicable privacy laws, in particular the EU General Data Protection Regulation (GDPR), Directive on Privacy and Electronic Communications (E-Privacy Directive), as well as established best practices on the digital advertising market.
In order to collect your data, we use cookies, which are text files inserted in your web browser when you visit advertisers’ or publishers’ websites or apps, as well as other tracking technologies available on your device, such as mobile advertising ID. They allow us to register certain activities you perform on those websites or apps. We operate under the smrtconnect.com domain while providing our services.
We process the following three main groups of data:
a) Information related to your viewing activity on advertisers’ websites or apps —
it helps us understand what sorts of products and services you are interested in
and,
consequently, determine which ads should be displayed to you to match your current
shopping interests. We process this data on behalf of the advertisers for whom we
conduct advertising campaigns (as a data processor), specifically for the purpose of
creating your user profile.
b) Information that you are currently entering a publisher’s website or app,
where we may display an ad to you — it comes within a so called bid request, which
is
an offer to buy an advertising space on the publisher’s website or app in order to
display an ad (for details, see Section 4 below). We process this information as a
data
controller for the purposes of displaying ads, ad measurement, brand safety, product
development, and fraud detection.
c) Information regarding the delivery of our ads, i.e., impressions of an ad
(e.g., whether we displayed an ad to you and, if so, which ad we selected) and your
interactions with an ad (e.g., whether you clicked on it). We process this
information
as a data controller for the purposes of displaying ads (in particular for frequency
capping and ad rotation), ad measurement, and product development.
You may find a full list of categories of data we process as a data controller in
our GDPR privacy notice (see Section 5 below).
While providing our services, we do not collect personally identifiable information
(PII), such as names, e-mail addresses, postal addresses, telephone numbers, or
financial data, such as credit card details.
We do not receive any additional data from advertisers or partners, which, along
with the data collected by our technology, would enable us to directly identify you.
While you are visiting an advertiser’s website or app, we collect information
related to your activity there, such as which items you viewed, put in the basket,
and
bought. Those browsing patterns on the advertiser’s website or app help us
understand
what sorts of products and services you are interested in and thus display to you,
on
publishers’ digital properties (e.g., news portals, apps), only ads compatible with
these interests.
We display our personalized ads with the use of a programmatic instantaneous
auction system known as real-time bidding (RTB). Real-time bidding procedure happens
at
the moment you enter a publisher’s website or app that offers an advertising space
for
sale. While such website is loading, a bid request is sent to us by the publisher or
our business partner cooperating with the publisher (e.g., supply-side platform,
SSP)
inviting us to buy a certain ad space. After receiving such bid request, our
technology
uses information about your previous browsing activity on advertisers’ websites or
apps
to decide whether to buy the auctioned ad space and, if so, which ad to display.
For instance, if you had recently visited our client’s website looking for jeans,
we may display to you an ad of those same jeans you had viewed there and similar
jeans
or complementary products, such as T-shirts offered by that client.
We may also use information on the content of the website where the ad is to be
displayed for the additional personalization of this particular ad. However, we
never
use such website content to personalize future ads, in particular we do not assign
this
information to your user profile in order to categorize you (e.g., by assigning you
to
a particular population segment) or try to determine your shopping interests on the
basis of your browsing history on publishers’ websites or apps.
Moreover, we do not use your browsing data across advertisers, which means that a
browsing activity from one advertiser’s website or app does not affect other
advertisers’ ads we display. For instance, the fact that you looked for running
equipment in an app of our client “A” will not result in us displaying you running
equipment from an app of our client “B” (unless you had previously browsed similar
products on “B” app as well).
After we display an ad to you, we collect information regarding ad impressions
(e.g., that we indeed displayed an ad to you, which ad was selected, and when and on
what type of device it was displayed) and your interactions with the ad (mainly
whether
you clicked on it or not). We use this information for the analysis of how our ads
perform, for the creation of statistical reports for advertisers regarding the
delivery
of their ads, and subsequently for attribution and billing purposes. We also process
this data for the control of the frequency of ads we display to you (frequency
capping)
and for product development purposes.
Our platform is integrated with the RTB environment through matching of our
technical identifiers, e.g., cookie IDs or mobile advertising IDs (“cookie
matching”)
with those used by our business partners. It enables us to (a) receive a bid request
and eventually serve an ad on a publisher’s website or app that uses our business
partners’ digital advertising technology and (b) collect information related to our
ad
serving activities.
Upon an advertiser’s specific request and on the basis of the information provided
by such advertiser, we may perform cross-device tracking that consists of displaying
the same categories of ads of this particular advertiser’s products or services on
different devices you use (e.g. laptops and smartphones). We do not, however,
perform
specific data analyses in order to link the devices you use on the basis of the
patterns of your online behavior (i.e., we do not conduct probabilistic cross-device
tracking).
We also use your personal data for the detection of frauds and other potential
dangers to privacy security, for the calculation of the usage levels of our
technology,
and for brand safety purposes, i.e., to analyze whether publishers’ websites are a
suitable environment for our ads to be displayed and to develop and improve our
products.
Advertisers and publishers whose websites or apps you visit may independently
collect and use your data for different purposes. Please consult their privacy
policies
for more information in this regard.
Although, as described above, we do not collect personally identifiable information
(PII), the data we do process is tied to unique online identification numbers that,
under the GDPR, are considered “online identifiers” that allow us to “single out” a
specific user from other users. According to the GDPR, such information may be
considered personal data (this type of non-personally identifiable data is referred
to
as “pseudonymous data”). Consequently, in cases where the GDPR applies to our
services,
we assure compliance with all the requirements established by this regulation.
We have also appointed a data protection officer, whom you may contact if you have
further questions. Please see Section 9 below for the Data Protection Officer
contact
details.
As a part of the GDPR compliance program, we have joined the IAB Europe
Transparency & Consent Framework (TCF) as a registered vendor (ID No.: 196) and
comply
with the TCF policies. For more information, please visit https://iabeurope.eu/.
As mentioned above, some of data we use for providing services, we process as a
data controller, which means we are solely responsible for it, and some – as a data
processor i.e. on behalf of advertisers. You may access a set of information
required
by the GDPR pertaining to our data processing activities as a data controller in our
GDPR Privacy Notice.
SMRT Connect, 37 Easton Ave Suite 200, New Brunswick, NJ 08901
The processing of personal data of data subjects is carried out via the bidding system, an IT system which is owned and managed by SMRT Connect. SMRT Connect implements all relevant security policies and procedures regarding personal data to achieve a coherent protection system. SMRT Connect is obliged to assure that the data subject receive a notification compliant with requirements laid down in Articles 13 or 14 of the GDPR. SMRT Connect has appointed a single Data Protection Officer who is responsible for handling data subjects’ requests. SMRT Connect makes decisions regarding data subject’s rights laid down in the GDPR.
We will process your personal data, which includes
storing and accessing certain information on your device (such as cookies or device
identifiers) in order to carry out the following:
i) select and deliver personalized ads,
ii) measure ad performance,
iii) develop and improve our products, and
iv) ensure security and prevent fraud and debug.
For the above purposes, we will process the following
categories of your personal data:
unique online identifiers (including cookie IDs and mobile advertising IDs);
i) URLs of the web pages you visited (“referrer”);
ii) data related to ad impressions and your interactions with our ads on
publishers’
websites or apps;
iii) technical browser and device information (“user agent”);
iv) timestamps, IP addresses indicating your general (non-specific) location.
The legal basis for the processing of your personal
data for the purposes of (1) selecting and delivering personalized ads, (2)
measuring
ad performance, and (3) developing and improving our products is the consent you
give
on publishers’ websites or apps. You are entitled to withdraw the consent to the
processing of your personal data by us at any moment. You may do so by clicking an
opt-out button on our opt-out page
or by
contacting
us directly at: dpo@smrtconnect.com.
With respect to ensuring security, preventing fraud, and debugging, the legal basis
for the processing of your personal data is the legitimate interest of the
controller,
pursuant to Article 6 Section 1 (f) of the GDPR.
We obtain your data either from publishers, on whose
digital properties we display our advertisements, or from supply-side platforms
(SSPs),
cooperating with publishers for the purposes of delivering personalized
advertisements.
We collect some of the information, such as data related to ad impressions and your
interactions with ads, ourselves from publishers’ websites or apps.
We may transfer your data to our processors (e.g.,
IT service providers and data centers) where such entities process data on the basis
of
a contract with us and only in accordance with our instructions.
We may also transfer very limited amounts of data to our business partners (e.g.,
SSPs) in a response to a bid request in order to be technically able to display an
ad.
You have the following rights with respect to your personal
data:
i) the right to withdraw your consent to the processing at any time, e.g., by means
of
an opt-out procedure without affecting the lawfulness of processing based on consent
before its withdrawal;
ii) the right to object to the processing of the personal data for
direct marketing purposes or, on grounds relating to your particular situation,
whenever the legal basis for processing is controllers’ legitimate interest;
iii) the right to access to the personal data; the right to obtain from the
controller
restriction of processing as referred to in Article 18 of GDPR;
iv) the right to request that your personal data be corrected if it is found to be
inaccurate
or out of date; the right to request your personal data be erased where it is no
longer
necessary for us to retain such data;
v) the right, where there is a dispute in relation to the accuracy or
processing of your personal data, to request a restriction is placed on further
processing; and
vi) the right to request that we provide you with your personal data and
where possible to transmit that data directly to another data controller. You are
entitled to request a copy of your personal data processed by us.
Within the scope of processing that we undertake as a data controller, we
conduct activities that may be deemed “profiling” of your personal data only to a
very
limited extent (i.e., analysis of data regarding ad impressions and your
interactions
with our ads for ad measurement purposes).
We do, however, conduct profiling with respect to the data related to your browsing
activity on advertisers’ websites or apps (i.e., data we process on behalf of
advertisers, as a data processor). We analyze it in order to display to you an ad
that
we believe you will be most interested in, as described in Section 4 above.
In any case, the profiling does not produce any legal effects toward users or
similarly significantly affects them. In particular, it does not result in price
discrimination among the users based on their behavioral profile.
We immediately delete all data received in bid requests, except
for a minor fraction needed for statistical and analytical purposes (including brand
safety and fraud detection), which is stored for no more than 94 days.
The data regarding ad impressions and your interactions with the ad is kept as long
as it is needed for statistical, settlement, and product development purposes,
however
in any case no longer than 2 years from its collection.
After the lapse of periods specified above, the data is truncated or effectively
anonymized.
In any case, we promptly respond to data subject requests related to the execution
of the right to be forgotten by deleting all personal data covered by a given
request.
We shall not transfer or permit any of
your personal data to be transferred to a territory outside of the European Economic
Area unless we have taken such measures that are necessary to ensure that the
transfer
is in compliance with applicable laws. Such measures may include (without
limitation)
transferring personal data to a recipient in a country that the European Commission
has
decided provides adequate protection for personal data as referred to in Article 45
of
the GDPR or to a recipient in the United States that has certified compliance with
the
EU–US Privacy Shield framework.
If you wish to find the list of the countries that the European Commission
recognized as providing adequate protection, then click here.
We use Amazon Web Services in order to conduct data analysis necessary to provide
and optimize our services, which entails the transfer of data to data centers
managed
by Amazon and located in the United States. Amazon, Inc. and its wholly-owned U.S.
subsidiaries participate in EU–U.S. Privacy Shield Framework (see:
https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active).
If we need to use your personal data for a purpose not covered by this notice, then we will provide you with a new notice explaining such new use, prior to commencing the processing, and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing operation.
We have appointed a data protection officer. It is a person
you may contact regarding any issues related to privacy issues at SMRT Connect and the
exercise of your rights concerning the processing of your personal data.
You may contact our Data Protection Officer:
by mail to the following address: Pragnesh Radadiya, 37 Easton Ave Suite 200, New Brunswick, NJ
08901 and by e-mail:
dpo@smrtconnect.com
In these California Consumer Privacy Act Disclosures (“CCPA Disclosures”), we,
SMRT Connect (SMRT Connect, “we”) disclosure information about our data processing
practices as required by the California Consumer Privacy Act of 2018 (“CCPA). These
CCPA Disclosures are effective January 1, 2020. You can download a PDF version
here.
I. Who and what information is subject to these CCPA Disclosures? California
residents are protected as “consumers” by the California Consumer Privacy Act of
2018
(“CCPA”) with respect to personal information.
II. How can a consumer with a disability access these CCPA Disclosures? Consumers
who have a visual disability may be able to use a screen reader or other
text-to-speech
or text-to-Braille tool to review the contents of this notice.
III. CCPA Privacy Policy We are providing the disclosures about consumer rights and
our personal information handling practices in the preceding twelve months, as
required
by the CCPA and regulations of the California Attorney General, including §999.308.
You
may access a set of information required by the CCPA pertaining to our data
processing
activities as a business under the CCPA in our CCPA Privacy Policy (click here to
expend).
We have implemented organizational and technical measures to assure an appropriate
level of security of your data. We have deployed procedures regarding every aspect
of
data processing, and we carefully select technologies used for such processing and
any
data recipients.
Your data is protected against human interactions, equipment malfunctions, internal
or external attacks, losses, or misuses. We store it in top-tier multi-tenant data
centers operated by market-leading companies with appropriate data security
certifications (in particular ISO 27001). In order to ensure the ongoing
confidentiality and availability of your data, we use encryption and a back-up
mechanism.
We constantly monitor the implemented security measures and develop the awareness
and knowledge about privacy and personal data protection at our company on an
ongoing
basis.
If, after having been acquainted with the extent of data collected about your
online activity, you have any concerns about your privacy, then you may disallow the
collection of data by means of tracking technologies used by us specifically or by
all
providers in the following ways.
You may disable cookies in your web browser and mobile devices, which will prevent
the collection of data by all providers.
For web browsers, please refer to your browser’s settings, as the procedure may
depend on the browser you use. Please note that, due to the common use of cookies,
turning them off may prevent you from using a variety of websites.
For mobile devices, please use device settings.
For iOS, select “Privacy” → “Advertising” → “Limit Ad Tracking”.
For Android,
select “Users Area” → “Google” → “Ads” → “Opt out of Ads Personalization”.
You may also
opt out specifically from SMRT Connect tracking technology that will prevent us from
collecting information from your browser and result in the deletion or effective
anonymization of all data previously collected. In order to opt out from SMRT Connect
personalized ads, please use the following link:
http://smrtconnect.com/opt-out.html
Given that cookies are stored in a particular Internet browser, if you use more
browsers or more devices, you must opt-out from each of them.
Furthermore, opt-out is conducted by inserting another “opt-out cookie” in your
browser. Therefore, if you delete all cookies in your browser’s settings, then you
will
also delete an opt-out cookie. In those cases, you may need to opt-out
again.
The GDPR grants you additional rights, such as the right of access, rectification,
erasure, or portability of your personal data and the right to object to or restrict
the processing and to lodge a complaint with a supervisory authority. Furthermore,
where we have collected and processed your personal data subject to your consent,
you
can withdraw it at any time. Such withdrawal does not affect the lawfulness of the
processing we have conducted prior to your withdrawal. To learn more, see our GDPR
notice , or contact our Data Protection Officer.
In order to develop the privacy protection, we may deem it fit or necessary to update this Privacy Policy at any time. Please follow our website where we will inform you about any material changes to our Privacy Policy.
If you have any further questions related to your privacy, please do not hesitate
to contact our Data Protection Officer at the following:
Data Protection Officer
SMRT Connect
37 Easton Ave Suite 200, New Brunswick,
NJ 08901
dpo@smrtconnect.com
Last Updated: 31 Jan 2023