MYNTELLIGENCE LIMITED: ONLINE PRIVACY STATEMENT
This is the privacy statement for Myntelligence Limited (Myntelligence or We). Myntelligence is a company incorporated in England and Wales with company number 08783401 with its registered office at 14 Grays Inn Road, London, WC1X 8HN, United Kingdom.
For the purpose of the Data Protection Act 1998 and the General Data Protection Regulation 16/679, the data controller is Myntelligence, which has ICO registration number ZA232670.
The effective date of this Privacy Statement is 1st May 2018.
THE GENERAL DATA PROTECTION REGULATION 16/679
In this statement We have used certain terms which are set out in the EU’s General Data Protection Regulation (GDPR or the Regulation):
- personal data means any information relating to an identified or identifiable natural person (data subject) an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Overview and industry membership
Myntelligence wants digital advertising to be a useful complement to your online experience. We want to deliver personalized, well-chosen ads to help you discover things that interest you, new websites, new products, new services
Myntelligence uses complex technology to pick the best ads to show, based on everything We know about the context: the ad itself, the page that needs an ad, the time of day and other external factors, and information from your browser or mobile device digital advertising identifier that We use to predict what advertising would be most relevant and interesting to you.
If We can make ads more useful and interesting for you, then We’ll also make advertising more valuable to advertisers, and your visits will make websites more money per ad, and power their investments in the websites, apps, online features and content that they provide to you for free.
Myntelligence is a member of the European Digital Advertising Alliance (EDAA) and complies with the cross-industry Self-Regulatory Program for Online Behavioural Advertising as managed by EDAA. As part of compliance with the Self-Regulatory Program, Myntelligence is licensed and certified to deploy the OBA Icon. Myntelligence also complies with the Good Practice Principles for Online Behavioural Advertising as managed by the Internet Advertising Bureau (IAB). You can learn more about such program and principles by visiting the relevant websites at http://www.edaa.eu/ and https://www.iab.com/guidelines/.
What is the lawful reason We use to process personal data?
The two lawful reasons Myntelligence uses to process personal data are set out in Article 6 of the Regulation. Processing shall only be lawful if and to the extent that at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 6 (1) (a) (Consent);
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Article 6 (1) (f) (Legitimate Interest).
Where We process personal data as a result of data subject Consent, We ensure that Consent is freely given, specific and informed, and established by a clear affirmative act.
Where Consent is withdrawn, we have set out (below) how this may be undertaken by the data subject.
Where We process personal data as it is necessary for the purpose of our Legitimate Interests, We have done so on the basis of a balanced evaluation of our interests and the rights and freedoms of the data subject which require protection. We have concluded that the way We manage the processing of personal data results in a cumulation of data subject protections which show that the balance is in favour of Myntelligence being able to rely on Article 6.1(f) of the Regulation as a lawful reason to process personal data. Our analysis has focused on the following:
The nature and the source of the Legitimate Interest
Myntelligence participates in a supply chain where demand for its services comes from brand advertisers who respond to and in turn, generate consumer demand. Myntelligence offers brand advertisers access to data which isolates a class of data subjects for whom (potentially) the advertised goods or services are attractive. In principle, this is both legitimate and (as an economic and social norm) necessary.
The impact upon data subjects
The nature of personal data being processed: Myntelligence does not process sensitive personal data nor personal data of a type requiring especial protection (such as the protection of a child). Its profiling activities do not result in automated decisions making (as explained below).
The way the information has been processed: Myntelligence processes up to 24 benign data points which are treated through our use of a probabilistic approach that deploys privacy enhancing technology. This, in effect, erects a very high barrier to identification of the data subject and the consequent risks. The 24 parameters do not uniquely belong to only one device and provide inferences about the consumer’s activity on the relevant site such as the page viewed or the advertising they clicked on thereby allowing Myntelligence through the use of an algorithm to undertake broad inferences about age, gender, vertical preferences and purchase intentions, otherwise known as shared data. For each combination of the 24 parameters, hundreds of thousands of identical devices exist.
The reasonable expectations of the data subject: a data subject has the right to expect that their personal data is processed with respect for their fundamental rights and freedoms. This is enshrined in the Charter of Fundamental Rights. The Charter also recognizes that this is to be measured against other rights and a balance struck. As the Regulation sets out, processing (in this context, profiling) absent checks and balances is not consistent with a data subject’s right to privacy. For these reasons, Myntelligence accepts that personal data will not be processed without:
- offering the data subject transparency through a clearly articulated summary of what Myntelligence does at or before processing is undertaken, using Regulation-compliant privacy notices under the OBA Icon in addition to Regulation-compliant privacy notices on the advertisers’ website (where the user may land if they click on the advertisement);
- the clear (and easily) right to opt-out or qualify the processing undertaken, which is immediately accessible from the OBA Icon pop-up;
- limitations on use, retention, the security of its processing, and data subject recourse to Myntelligence by way of subject access requests and the attendant rights under Articles 15 to 22 of the Regulation.
Safeguards and accountability
Privacy by design and default: We have introduced privacy by design for the personal data which is processed by Myntelligence, respecting all relevant facets of the Regulation. This is consistent with the accountability requirement under Articles 24 and 25, including recourse to the privacy enhancing technology which is highly protective. As an aside, please note, Myntelligence is ISO27001 certified.
Enhanced transparency: the data subject will, through the use of the OBA Icon access to privacy notices making access to personal data consistent with the data subject rights set out in the Regulation.
The unconditional right to opt-out: Myntelligence accepts that the data subject must have the right to opt-out without condition. This is consistent with the WP29 Guidelines and is used as a mechanism to enable the data subject to assert control.
The use of privacy enhancing technologies: Myntelligence uses pseudonymization technology which makes it impossible to isolate the data subject, nor identify personal data (within the cumulative data it aggregates).
Data minimisation: personal data will be processed in accordance with specified purposes and subject to the principles set out in Article 5 of the Regulation. Personal data that is collected before it is treated by Myntelligence’s privacy enhancing technology, will be deleted.
Securing personal data; recourse to the data subject: Myntelligence’s technology is so protective that upon data loss, its technology limits its facility for data subject identification (and notification) to many terminals or machines which match the broad demographic profiles it collects.
Your right to request that We stop processing personal data for our Legitimate Interests and withdrawal of your consent: as required by the Regulation, consent should be as easy to withdraw, as it is to give. You may request that Myntelligence does not process your personal data, at any time. You can do this:
- by going to the Myntelligence website at http://www.myntelligence.com/opt-out-tool;
- by adjusting your settings when you click upon the OBA Icon which you find when you click on the advertisements of our clients, which in turn will lead you to a page where you can adjust the way in which your browser settings are configurated.
Our status; how We use personal data
Generally, Myntelligence acts as a processor of personal data for its clients, with whom it has signed a data processing agreement, which is compliant with the Regulation.
Myntelligence is bound by the terms of this agreement which will require us to undertake analysis of the browsing of data subjects whose personal data has previously been provided to us, by our clients.
It is often the case that our clients source their personal data as a result of the data subject’s Consent or where the data subject has previously purchased goods or services from our clients.
Where our clients do not provide Myntelligence with personal data and We are required to profile data subjects’ browsing habits where, for example, a data subject visits the website of our clients, We act under the instructions of our clients, and subject to the terms of a data processing agreement.
Myntelligence may act as a controller where Myntelligence undertakes profiling of data subjects and decides upon the purposes and means of the processing of personal data.
Where Myntelligence acts as a controller, any personal data We collect after profiling, is treated and managed according to the balanced approach We have set out above.
When you visit one of our client’s websites or mobile applications (apps), or the websites or apps where We display advertisements, We may collect information about your activity on that site or the location of your device, in order to show you relevant advertising. This may include collecting information about your device such as unique device identifier, browser type and language, the server your computer is logged into, and the operating system information.
As set out above, Myntelligence processes up to 24 benign data points which are treated through our use of a probabilistic approach that deploys privacy enhancing technology. This, in effect, erects a very high barrier to identification of the data subject and the consequent risks. The 24 parameters do not uniquely belong to only one device and provide inferences about the consumer’s activity on the relevant site such as the page viewed or the advertising they clicked on thereby allowing Myntelligence through the use of an algorithm to realise broad inferences about age, gender, vertical preferences and purchase intentions, otherwise known as shared data. For each combination of the 24 parameters, hundreds of thousands of identical devices exist.
We may also collect information about our interactions with you, such as which ads We’ve shown, and on which pages, and whether you responded to those ads by interacting with them. We store this information associated with an anonymous identifier in a profile in our database.
We may partner with other companies that also use anonymous identifiers to share anonymous information with us in order to enhance these profiles.
We don’t request or store your IP address or other information that can be used to identify you directly, such as your name, address, phone number, or email address.
Why does Myntelligence need to collect and store personal data?
We collect and store personal data to provide our clients with the service they require (who in turn provide data subjects with information which is timely and relevant and consistent with data subjects’ expectations with respect to their interests). We do not process personal data for any reason other than this purpose. We only keep personal data for as long as is necessary in order to undertake this purpose.
We are committed to ensuring that the information We collect and use is appropriate for this purpose, and does not constitute an invasion of the data subject’s privacy.
Will Myntelligence share my personal data with anyone else?
Myntelligence may pass your personal data on to third-party service providers contracted to Myntelligence. In these circumstances, the third party may be another controller, processor or sub-processor.
Where the third party is a processor or a sub-processor, they are obliged to keep your details securely, and to use them only to fulfil their contractual obligations to Myntelligence. When they no longer need your personal data to fulfil this service, they will dispose of the details in line with Myntelligence’s data retention policy.
Myntelligence shares data with clients with whom it has executed an agreement under which it will licence first-party data but retains ownership at all times. The Company may also receive first-party data from clients by virtue of being given access to clients’ management systems. In these circumstances, Myntelligence acts as a processor under such arrangements with the client.
How will Myntelligence use the personal data it collects about me?
Myntelligence will process personal data in a manner compatible with the Regulation. We will keep information accurate, up to date, and not keep it for longer than is necessary.
Unless Myntelligence is required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes, Myntelligence will not keep personal data for more than 24 months after initial processing.
How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Under what circumstances will Myntelligence contact me?
The personal data We process is subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure.
We will get in touch with you where this is required under the Regulation.
Can I find out the personal data that the organisation holds about me?
At your request and where this is technically possible, Myntelligence will confirm the information We hold about you and how it is processed. As set out in the Regulation you can request the following information:
- dentity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU;
- contact details of the data protection officer, where applicable;
- the purpose of the processing as well as the legal basis for processing;
- if the processing is based on the Legitimate Interests of Myntelligence or a third party, information about those interests;
- the categories of personal data collected, stored and processed;
- recipient(s) or categories of recipients that the data is/will be disclosed to;
- if We intend to transfer the personal data to a third country or international organisation, information about how We ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, We will ensure there are specific measures in place to secure your information;
- how long the data will be stored;
- details of your rights to correct, erase, restrict or object to such processing;
- information about your right to withdraw consent at any time;
- how to lodge a complaint with the supervisory authority;
- whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data;
- the source of personal data if it wasn’t collected directly from you;
- any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
Myntelligence accepts the following forms of ID when information on your personal data is requested: passport, driving licence, birth certificate, utility bill from the previous 3 months.
Contact name: Luca Censoni
Address: 14 Grays Inn Road, London, WC1X 8HN, United Kingdom
© 2018 Copyright, All Rights Reserved Myintelligence | design by cami&cri