PRIVACY POLICY

Products and Services Privacy Policy

This privacy policy is provided by Cognitive AI S.r.l. and concerns the activities that Cognitive and/or the third parties indicated in paragraph 5 below carry out in order to provide digital advertising services to the clients of Cognitive.

 

  1. INTRODUCTION – WHO WE ARE?

Cognitive AI S.r.l., with registered offices in Viale Liguria 24, 20143, Milano, Italy, Tax Code/VAT No. 13679630965 , enrolled in the Company Register of “Camera di commercio di Milano” (“Cognitive”, “Us”, “Our”, “We”) is an innovative startup company in the advertising industry.

Our main business is to deliver innovative solutions for the delivery of advertising campaigns, in the field of digital advertising and in particular in order to delivery advertisements via online digital channels, including social media and/or banner ads on behalf of clients (hereinafter, the “Services“). Therefore, we act as a third party of the publisher’s/advertiser’s website and/or mobile app that you have just come from (hereinafter, the “Website”). In some cases, we act as an intermediary between the publisher of the aforementioned Website and third parties (as better described in paragraph 5 below). This privacy policy is provided under art. 13 of EU Reg. 2016/679 (“Regulation”) and according to the “Guidelines on the use of cookies and other tracking tools – 10 June 2021” (Published in the Official Journal of the Italian Republic No 163 of 9 July 2021; “Cookie Guidelines”).

 

  1. HOW CAN YOU CONTACT US?

You can contact Cognitive at any time for any information on this privacy policy, using the following methods:

  • by sending a registered letter with return receipt to the registered office of Cognitive AI Srl: Viale Liguria 24 – 20143 – Milano, Italy;
  • by sending an email to:[email protected]

 

  1. WHAT DO WE DO?

We provide the Services to our clients through our proprietary technology named Cognitive Persistent ID technology (“Technology”).

When our client uses our Technology in its Website we and our client act as joint data controllers for the data collected thought it. To determine the respective responsibilities regarding compliance with the obligations established by the Regulation in relation to the processing subject to joint data controllership, we agreed with our client to be bound by an agreement under art. 26 of the Regulation. Among the joint data controllers, both of the parties – we and our client – are responsible for the data subjects’ rights under Articles 15-20 of the GDPR in relation to the personal data collected by us and the client through the Technology. After the initial collection, if our client asks us to do that, we can also compare the data collected on the Website with other data collected by other clients of Us, using the same technology, elsewhere (such as on e-commerce and/or mobile apps). When we do that, we use the so-called clean room, that are closed “data bunkers”, storing the data collected on the Website, placed in connection with other “bunkers” referring to other subjects (all users of Cognitive Persistent ID). When we do this operation, we act in joint controllership with the client who use the Cognitive Persistent ID on its Website.

For any other processing activities carried out by our client, after the initial collection carried out in joint controllership with us, our client is the entity responsible. Indeed, as better specified in the privacy policy provided by our client, through our Technology our clients can pursue the following purposes:

  • Advanced digital attribution;
  • Cross Device matching;
  • Cross Platform matching;
  • Data Monetization;
  • Persistent ID vs Cookie matching.

Cognitive develops its Technology following a “privacy-by-default” principle, all the data managed through our Technology are hashed, and no directly personally identifiable information (such as your name or surname) are stored in our systems.

Through the use of our Technology, our client can match persistent IDs (i.e., CRM ID, Emails, etc.) with non-persistent data (i.e., cookies). When our client instructs us to carry out this matching, we are acting as data processor on behalf of client. Our client may collect such persistent data directly from users (both online and offline) or receive data from third parties, but they are fully responsible of establishing a legal basis in order to process the data as they are instructing us to do. We request to our client to provide users with all required information about the use of their data and provide, where necessary under the applicable law, an opt-in option.

For this reason, this policy does not apply to any data collected by our clients when they act as autonomous data controllers, as their user data management practices are covered by their own privacy policies, nor to any processing activities carried out by our client after the initial collection of data through the Technology.

 

  1. LEGAL BASIS

The legal basis for the collection of data carried out when the Technology is used in the Website is the prior consent of the User (art.6, paragraph 1, letter a) of the Regulation).

As set out in the Cookie Guidelines, your prior consent is required to install tracking tools that does not have a technical purpose. For this reason, when you access the Website, a special banner is displayed or, in some cases, a so-called Consent Management Platform (hereinafter, “CMP“), which you can use to state your preferences.

You are, of course, free to not give your consent to the use of the Technology for the collection of your data and to opt-out of using them at any time, without this affecting your ability to visit the Website and enjoy its content in any way.

You can easily verify the presence of your device in our system and exercise your own right to opt-out following this link https://api.tncid.app/opt_out.html.

 

  1. THIRD PARTIES

Depending on the Service provided to the client, if they instruct us to do that:

  • we can share data with third parties that could use data for target advertising purposes, including measurement and analysis of the advertising campaigns performances, personalization, modeling, on-boarding and match with other data; and/or
  • other tools (such as cookies, pixels, etc.) might be installed on the Website by third parties other than the publisher of the Website and Cognitive.

Below is a list of the third parties currently used to provide our Services to clients, with an indication of the links to the information pages created by their developers (also containing information on how to opt-out of installing them, and on the relevant retention periods):

ADFORM – for more information on how ADFORM manages your data you can examine their privacy policy available at the URL: https://site.adform.com/privacy-center/platform-privacy/product-and-services-privacy-policy/ . If you prefer not to share your personal data with ADFORM, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this URL (https://site.adform.com/privacy-policy-opt-out/). Information regarding the length of storing: 1 hour; 3650 seconds.

BEESWAXIO CORPORATION – for more information on how BEESWAXIO CORPORATION manages your data you can examine their privacy policy available at the URL: https://www.beeswax.com/privacy/. If you prefer not to share your personal data with BEESWAXIO CORPORATION, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this url http://optout.prod.bidr.io/optout. Information regarding the length of storing: 1 year.

DYNAMIC YIELD – for more information on how DYNAMIC YIELD manages your data you can examine their privacy policy available at the URL: https://www.dynamicyield.com/privacy-policy/. If you prefer not to share your personal data with DYNAMIC YIELD, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this URL https://support.dynamicyield.com/hc/en-us/articles/360023113433-GDPR-and-Data-Privacy-Overview. Information regarding the length of storing: 365 days.

EQUATIV – for more information on how EQUATIV manages your data you can examine their privacy policy available at the URL https://equativ.com/privacy-policy/. If you prefer not to share your personal data with EQUATIV, it’s possible to exercise your own right to opt-out. Please address your request to: [email protected]

IMPROVE DIGITAL – for more information on how IMPROVE DIGITAL manages your data you can examine their privacy policy available at the URL: https://improvedigital.com/platform-privacy-policy/. If you prefer not to share your personal data with IMPROVE DIGITAL, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this URL https://improvedigital.com/platform-privacy-policy/. Information regarding the length of storing: 90 days.

NIELSEN MEDIA RESEARCH LTD. – for more information on how NIELSEN manages your data you can examine their privacy policy available at the URL: https://www.nielsen.com/us/en/legal/privacy-statement/nielsen-marketing-cloud-privacy-notice/. If you prefer not to share your personal data with NIELSEN, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this URL (https://sites.nielsen.com/legal/privacy-statement/exelate-privacy-policy/opt-in-opt-out/?lang=it). Information regarding the length of storing: 120 days.

OUTBRAIN – for more information on how OUTBRAIN manages your data you can examine their privacy policy available at the URL: https://www.outbrain.com/privacy/. If you prefer not to share your personal data with OUTBRAIN, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this url https://my.outbrain.com/recommendations-settings/home.

PUBMATIC – for more information on how PUBMATIC manages your data you can examine their privacy policy available at the URL: https://pubmatic.com/legal/privacy/. If you prefer not to share your personal data with PUBMATIC, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this url (https://pubmatic.com/legal/opt-out/). Information regarding the length of storing: 90 days.

QUANTCAST – for more information on how QUANTCAST manages your data you can examine their privacy policy available at the URL: https://legal.quantcast.com/#Products-and-Services-Privacy-Policy. If you prefer not to share your personal data with QUANTCAST, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this url  https://www.quantcast.com/privacy-choices/

SCIBIDS – for more information on how SCIBIDS manages your data you can examine their privacy policy available at the URL: https://doubleverify.com/privacy-notice/. If you prefer not to share your personal data with SCIBIDS, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this url: https://doubleverify.com/opt-out/

THE NEW CO – for more information on how THENEWCO manages your data you can examine their privacy policy available at the URL: https://www.thenewco.tech/products-and-services-privacy-policy/. If you prefer not to share your personal data with THENEWCO, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this url:  https://api.tncid.app/opt_out.html

THE TRADE DESK – for more information on how TTD manages your data you can examine their privacy policy available at the URL: https://www.thetradedesk.com/us/privacy. If you prefer not to share your personal data with TTD, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this url: https://www.adsrvr.org/

WEBORAMA – for more information on how WEBORAMA manages your data you can examine their privacy policy available at the URL: https://weborama.com/politique-de-confidentialite/. If you prefer not to share your personal data with WEBORAMA, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this url (https://weborama.com/it/privacy-it/opt-out/). Information regarding the length of storing: 1 year.

XANDR, INC – for more information on how XANDR manages your data you can examine their privacy policy available at the URL: https://about.ads.microsoft.com/en-us/solutions/xandr/platform-privacy-policy. If you prefer not to share your personal data with XANDR, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this url privacycenter.xandr.com. Information regarding the length of storing: 90 days.

ZEOTAP GMBH – for more information on how ZEOTAP manages your data you can examine their privacy policy available at the URL: https://zeotap.com/product-privacy-policy/. If you prefer not to share your personal data with ZEOTAP, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this url https://privacyportal-de.onetrust.com/webform/bdcc4a2f-2458-4e17-96c3-cf88f7115dfc/2c5e70e5-643a-4c1e-b9c2-1e71584d04ad. Information regarding the length of storing: 1 year.

ZEMANTA – for more information on how ZEMANTA manages your data you can examine their privacy policy available at the URL: https://www.zemanta.com/privacy/. If you prefer not to share your personal data with ZEMANTA, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this url  https://www.zemanta.com/opt-out/

ZETA GLOBAL – for more information on how ZETA manages your data you can examine their privacy policy available at the URL: https://zetaglobal.com/privacy-policy/. If you prefer not to share your personal data with ZETA, it’s possible to exercise your own right to opt-out following the specific instructions that can be found at this url  https://zetaglobal.com/rights-request/

 

Apart from those subjects indicated above, other third party data platforms such as Demand Side Platforms (DSPs) and/or Data Management Platforms (DMPs), might be used by our client in its Website, as this can be indicated by them in the CMP and/or in their notice to their users provided through the Website.

  1. PROCESSING METHODS, TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY AND DATA RETENTION PERIOD

To the data collected jointly with our clients our employees and partners, authorised to process personal data pursuant to art. 29 of the Regulation, may have access, in order to carry out maintenance work on the computer systems that host the data.

Personal data may be stored on servers managed by third parties (such as Google Cloud Platform) or may be managed by parties specializing in online advertising, who act as data processors on the basis of a written appointment by the Company, pursuant to art. 28 of the Regulation. The data is stored in data centers based in EU.

Based on the instructions provided by our clients, we also might share data with partners outside the EU only following their instructions and mainly for technical purposes like data analysis, data cleaning, data transformation, etc. in compliance with the requirements and guarantees established by the Regulation. Such countries may not offer a level of privacy protection and protection of personal data comparable to the level guaranteed by the Regulation; where Cognitive acts as (joint) data controller, it will take the utmost care of the security of the data and will therefore manage such transfers with all the appropriate precautions and safeguards in accordance with articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the Regulation. When Cognitive transfers data on behalf of its clients, the transfer outside the EU is better specified in the privacy policy provided by our clients.

We might also disclose data stored in our systems in response to valid legal processes, for example, in response to a court order and/or to comply with applicable legal and regulatory requirements.

Please note that some of the third parties indicated in paragraph 5 above – as independent data controllers – may process the personal data collected through the tracking tools installed on the Website from a location outside the EU territory and, therefore, it is recommended that you read their privacy policies carefully for more details.  

 Your personal data will be kept by Us for the time considered strictly necessary to carry out the primary purposes described in this privacy policy and as agreed with our client in the joint controllership agreement, or as necessary for the protection in civil law of both your interests and our (and/or our client’s) interests.

 

  1. YOUR RIGHTS

To exercise your rights, or to obtain further information or explanations on this privacy policy, please contact Us by using the following methods:

  • by sending a registered letter with return receipt to the registered office of Cognitive AI Srl: Viale Liguria 24 – 20143 – Milano, Italy;
  • by sending an email to [email protected].

Under the Regulation, the data subjects have:

  1. the right to withdraw their consent at any time, if the processing is based on their consent. Please use the CMP on the Website in order to withdraw your consent;
  2. the right to access their personal data;
  3. (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restrict the processing of personal data, the right to its rectification and the right to delete it (“right to be forgotten”);
  4. the right to object:
  5. in whole or in part, for legitimate reasons to the processing of personal data, even if pertinent to the collection purposes;
  6. in whole or in part, to the processing of personal data for the purpose of sending advertising material or direct sale, or for the purpose of market research or commercial communications;

Please use the tool available at the following link  https://api.tncid.app/opt_out.html.

  1. if they consider that the processing of their personal data is in breach of the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which they usually reside, in the Member State in which they work or in the Member State in which the alleged infringement took place). The Italian Supervisory Authority is the “Garante per la protezione dei dati personali”, with registered offices in Piazza Venezia No. 11, 00187 – Rome (http://www.garanteprivacy.it/).

***

We are not responsible for the updating of all links that can be viewed in this privacy policy. Therefore, whenever a link is not functional and/or updated, you acknowledge and accept that you must always refer to the document and/or section of the websites referred to in these links.