Política de privacidad

Personal data you provide to us

We collect Personal Data provided by you, such as your contact details (email, phone, CPF and device IDs) when you fill out forms from our network sites. If you provide us with feedback or contact us by email, we will collect your name and email address, as well as any other content included in the email, to send you a reply. We also collect other types of data that you voluntarily provide to us, such as operating system, language, browsing time, among other information, if you contact us about support for the platform.

1.2 Personal data collected through technology

To make our Site and Services more useful to you, our servers (which may be hosted by a third party service provider) collect some of your Personal Data, and system information such as browser, operating system, IP address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name and / or an indication of the date / time of your visit.

1.3 Personal data collected through cookies

"Cookies" are identifiers that we transfer to your browser or device that allow us to recognize your browser or device and tell us how and when pages and resources on our Services are visited and how many people.

We also use cookies and browsing data to collect information about the date and time of your visit, URLs (Uniform Resource Locators), and the solutions and information for which you have searched and viewed. Like most technology companies, we automatically collect this data and store it in log files whenever you visit our website or access any website in our network. We may use session cookies (which expire after you close your browser) and persistent cookies (which remain on your computer until you delete them) to provide a more personal and interactive experience on our website. Persistent Cookies can be removed by following the instructions in the Internet browser's help file. You can choose to refuse or disable Cookies through your browser settings. However, in doing so, some areas of our website may not function properly.

You can change your preferences on your browser or device to prevent or limit your device from accepting cookies, but doing so may prevent you from benefiting from some of our features. Again, this Privacy Policy does not cover the use of cookies by third parties, and we are not responsible for their privacy policies and practices. Please note that cookies placed by third parties may continue to monitor your online activities even after you have left our Services, and those third parties may not comply with the “Do Not Track” requests that you have set using your browser or device.

As an online platform, GDB will be able to operate together with other companies in a wide range of activities, including to provide localization functionality, advertisers, sponsors and business partners, online and offline, in addition to dissemination tools and performance analysis. Accordingly, we reserve the right to share your information, including location, registration and interest data, with the companies listed below, whenever possible, in an anonymous manner, aiming to preserve your privacy as much as possible. We do not rent, sell or transfer your personal data to anyone except the partner companies listed below. We may come to share your personal data with the following companies:

Advertisers

GDB allows other companies and ad networks to use our platform through different technologies. Therefore, you will eventually be able to directly receive ads, content and links displayed in a personalized way, according to your interests and behaviors in other services with which you interact. For that, data can be shared between GDB and these other companies, mainly unique identifiers, IP addresses, cookies and javascripts, which can be used to measure the efficiency of online advertising. You can always oppose this advertising by contacting us at contact@gdb.net.

• mediamath.com
• oath.com
• displayvideo.google.com
• appnexus.com
• adobe.com
• oracle.com

Our partners

We employ other companies to perform work on our behalf and we need to share your personal data with them to provide products and services to you. For example, we use data hosting services to store our database. Our Partners are only authorized to use personal data for the specific purposes they were contracted for, therefore, they will not use your personal data for other purposes, in addition to the provision of services provided for in the contract.

• aws.com
• retargelty.com.ar
• transunion.com

Analytics

Os dados armazenados pelo GDB podem vir a ser utilizados para fins de estatísticas (analytics), com a finalidade do GDB compreender quem são as pessoas que visitam seus sites e que são consumidores dos seus produtos e serviços. Estes dados são pseudomizáveis e não buscam identificar ou tornar identificável os titulares dos dados pessoais, mas tão somente compreender melhor como é o acesso deles nas plataformas GDB, a fim de melhorar a prestação de serviços e customizar produtos mais direcionados aos interesses dos usuários.

• retargelty.com.ar

Analytics

The data stored by GDB may be used for statistical purposes (analytics), with the purpose of GDB understanding who are the people who visit its websites and who are consumers of its products and services. These data are pseudomizeable and do not seek to identify or make identifiable the holders of personal data, but only to better understand how they access the GDB platforms, in order to improve the provision of services and customize products more targeted to the interests of users.

• retargelty.com.ar

To safeguard and protect GDB rights

We reserve the right to access, read, preserve and disclose any data that we believe is necessary to comply with a legal obligation or court order; enforce or enforce our agreements; or protect the rights, property or safety of GDB, our employees, our users or others.

O GDB coleta e transfere dados pessoais coletados no Brasil para países localizados na União Europeia, América Latina e EUA. Essa transferência ocorre para Parceiros do GDB que atuam no processamento de dados pessoais, e essas transferências envolvem apenas empresas Parceiras do GDB que demonstraram estar em processo de conformidade ou em conformidade com a GDPR e com as leis setoriais brasileiras de proteção de dados.

O GDB possui sua sede no Brasil e os dados que coletamos são regidos pela lei brasileira. Ao acessar ou usar os Serviços do GDB ou fornecer dados pessoais para nós, você concorda com o processamento e a transferência de tais dados para o Brasil e para outros países, acima mencionados.

GDB collects and transfers personal data collected in Brazil to countries located in the European Union, Latin America and the USA. This transfer takes place for GDB Partners who work in the processing of personal data, and these transfers involve only GDB Partner companies that have demonstrated to be in compliance process or in compliance with GDPR and with Brazilian sectoral data protection laws.

GDB has its headquarters in Brazil and the data we collect is governed by Brazilian law. By accessing or using the GDB Services or providing personal data to us, you consent to the processing and transfer of such data to Brazil and other countries, mentioned above.

• I – Right of access;
• II – Right of rectification;
• III – Right of exclusion;
• IV – Right to restrict processing;
• V – Right to object to processing;
• VI – Right to explain the logic behind the collection of your data;
• VII – Right to data portability ;.
• VIII – Right to withdraw your consent.

If you have any questions about these issues and how you can exercise these rights, feel free to contact us at contact@gdb.net

We will keep your personal data only for as long as is necessary to fulfill the purposes for which we collect it, including for the purpose of complying with any legal, contractual, accountability or request from competent authorities. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of personal data, the potential risk of damage from unauthorized use or disclosure of your personal data, the purpose of processing your data and whether we can achieve these purposes through other means, and the applicable legal requirements.

If you believe that your personal information was used in a manner inconsistent with the Privacy Policy or your choices, or if you have other questions, comments or suggestions related to this Privacy Policy, you can contact our team via e- mail: legal@gdb.net.

One of the main points that has generated doubts in several companies around the world is the fact that the provisions of the GDPR have extraterritorial effects, that is, their obligations and their penalties may be effective not only in companies that have headquarters or representation in the EU, but also in companies which are based outside the EU. And this may happen in the following situations:

• (i) companies with subsidiaries or representation in the EU;
• (ii) companies, even without a physical represetation in the EU, but:

• a. the offering of goods or services in the european market;
• b. collect data from individuals who are located in the EU, regardless of nationality;
• c. the monitoring of individuals behaviour as far as their behaviour takes place within the EU, specially through the Internet, regardless of nationality, or
• d. to outsource data processing to companies located in the EU.

Therefore, if your company transfers data to the European Union, or collects natural personal data at the time of collection and / or processing in the European Union while offering services to the EU, or performs profiling of these people, then your company is subject to effects of GDPR.

Aware of this, GDB has been conducting a Data Protection Impact Assessment (DPIA), a methodology used by GDPR to evaluate the impact of corporate operations on data protection, which aims to observe and establish all internal procedures that may be related the privacy and protection of personal data of its customers and partners in order to tailor all of its internal policies and guidelines, as well as align its organizational practices and contracts so that the entire company can comply with data protection standards provided for in the GDPR. Below there are some changes that we have either already implemented dor we are in process of implementation.

Under GDPR, there is a difference to be made between what the regulations call a Controller vs. a Processor. According to GDPR, “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, in other words, a Controller owns the data and decides where and how to process it.

In other hand, for GDPR, “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

So, in our relationship with advertisers and data providers, sometimes we are a Data Controller and in some time we act as a Data Processor, because of this, we are both, Controller and Processor.

According to the European Parliament Controllers are “(…) the principal party for responsibilities such as collecting consent, managing consent-revoking, enabling right to access, etc.” So it is up to you, the data owner and controller, to collect the appropriate consent from natural persons as well as have a simple channel for them to revoke their consent, correct or delete their data.

As an example: users who revoke their consent for the Controller to store and process their data are expected to contact the Controller to initiate their request, even if the data lives on servers that belong to a third-party. The main rights that a Controller has to provide to its users are:

• Consent: A user must provide unambiguous consent before the Controller can track his or her personal data. This consent must include a notice of all the types of data that will be collected, what it will or may be used for, and which partners are involved in this process. That means a partner will need to include GDB in your terms and conditions;
• Transparent information: The Controller shall take appropriate measures to provide any information relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means;
• Right to delete: Natural persons must have a right to have his or her data deleted from both Controller and Processor systems, usually referred to as the “right to be forgotten”; and
• Right to rectify: Natural persons must have the right to have their data corrected or modified from your systems.

As a Processor, we at GDB have a great deal of obligations and it is our intention to be fully compliant with the law to ensure that all of your user data is properly collected and processed. To assure that we comply with GDPR:

• We only process personal data according to the restrictions set in place by our contract and terms, and we do not mine or use the data for any purpose not specifically set in those documents and agreed to by you;
• We do not engage any sub processors or provide your data to third-parties without at least a general agreement in our contract;
• Once our contract is over, all data will be returned or deleted upon request within a timeframe of no longer than 90 calendar days;
• We are open to compliance audits by any and all clients and data providers;
• Even though our servers are located outside of the EU, they are fully GDPR-compliant;
• With the exception of IP addresses and cookies which need to be stored in plain text, all other personal information is stored encrypted using the SHA-256 algorithm; and

We keep a record of all jobs run against your data and how it was processed and used in our systems.

All of these items are already in effect across all of our products including the Data Management Platform and Onboarding Solution.

Yes. Although we think our current operation is secure, we will be taking a few specific actions regarding how we collect, process and activate data of individuals. These changes are:

• The Pixels and SDK will block all incoming EU traffic unless the website or app owner confirms through a custom parameter that consent has been properly collected;
• We have set up the inbox contact@gdb.net as the sole place to receive any and all questions or requests connected to GDPR;
• All partner and client contracts are being reviewed by our legal team, and we will be sending an addendum to include special GDPR protections and agreements;
• We are providing updates in our TOS and Privacy Policy and we will request for a new consent for all our clients, when the case; and
• We will regularly audit websites that have European traffic that are dropping our pixel. If we find GDPR violations, we will let our partner know and block all requests until the problem is fixed.

It does, and in a big way. Right now, we use our pixel to collect not only campaign impressions and clicks but also behavioral and personal data for the audiences being impacted. This feature allows your first-party data to grow in a massive way and your available targeting capabilities with it.

Under GDPR, this feature won’t be available for most users since asking for consent won’t be possible when the tracking pixel is embedded in the creative and not in the actual website. So there will be a few changes made to campaign tracking (when the user is located within the EU) as well:

• We will only be tracking behavioral and personal data for users that have already given consent in one of your websites;
• All other users exposed to the campaign will be considered anonymous and personal data won’t be collected at all; and
• We will continue to track impressions, clicks and conversions for all ads, but unless consent has been previously given by the user we won’t associate them with a user profile.

We at GDB are performing our best efforts to achieve compliance as soon as possible. But we are aware that compliance is not a fact, but a process. Therefore, we continue doing our best to protect your privacy and your rights. If you have any questions about the topic feel free to contact us through in the following email: contact@gdb.net