We are committed to protecting and respecting your privacy. This policy and any other documents referred to sets out the basis on which any personal data we collect will be processed by us. Please read the following carefully to understand our views and practices regarding personal data and how we will treat it.
The data controller is OPEND Limited. We are registered with the UK supervisory body; Information Commissioner's Office. Our reference number is ZA218776. We can be contacted at 257 Southbank House, Black Prince Road, London, SE1 7SJ (our Registered office is at 71-75 Shelton St, Covent Garden, London, WC2H 9JQ) on +44203 567 1430 or by email at firstname.lastname@example.org.
Where we collect personal data to operate our business our legal basis for collecting it shall be to carry out a contract or steps to enter into a contract with an individual. For example with our suppliers and clients who use our platform. In other instances, we will collect personal data to fulfil our legal obligations set down by law for example, employment purposes and accounting purposes. We will also process personal data where it is necessary for our legitimate interests or those of a third party and where a data subject's interests and fundamental rights do not override those interests. For example where the processing enables us to enhance, modify, personalise or otherwise improve our services, communications for the benefit of our clients, to identify and prevent fraud, to enhance the security of our network and information systems, to better understand how people interact with our website, to determine the effectiveness of promotional campaigns and advertising. Whenever we process personal data for these purposes we will ensure that we always keep personal data rights in high regard and take account of these rights.
Where we collect data for the use of OPEND platform specific for advertising purposes on behalf of our clients it is anonymised data that falls outside of data protection laws.
We are a service provider. We do not provide services directly to consumers. Instead, we work with and on behalf of our clients for example, a client such as a retailer may directly use our platform to engage in delivering personalised advertising to consumers. Our clients may use our platform through a licence to provide personalised advertising. Our types of clients are in the following sectors.
Personalised advertising is delivering relevant content and advertising to consumers based on interests and activities through OPEND platform. With personalised advertising, we do not use information that is deemed to be personal information, which is information that is attributed to a specific individual such as, but not limited to name, email address, Instead, we use de-identified personal information to assist in delivering personalised advertising where our clients can send advertising campaigns to their customers which are relevant.
We want to be clear on how we do this. We convert all Personally Identifiable Information (PII) into a hashed and encrypted format. Once this user becomes hashed we then are able to store that users activity (such as open and click data) to enable us to deliver more relevant advertising in the future.
Where an individual receives a marketing campaign they will have the right to opt-out from receiving further emails via the "opt-out" or "unsubscribe" link on the email campaign.
We provide the following services to our clients:
Collection and distribution of data for the purposes of measuring the effectiveness of websites, mobile applications, advertising campaigns and interactions with other marketing channels.
Management and storage of de-identified data that allows our clients to recognise their customers across devices and platforms, to better understand their customers and to engage their customers with more tailored marketing campaigns of interest.
Integration of tracking tags and other code into client websites, mobile applications and other devices that allows clients to collect data relating to user interactions and interests.
We collect and receive information on behalf of our clients and receive information from third parties to deliver our services. Third parties will include data brokers, email service providers and advertisers.
We may use information collected from, but not limited to external surveys, prize draws and other online sites an individual has participated in and have opted-in to receive third party communications. We do not own these websites. Each of our partners are responsible for establishing and complying with its own policy and for providing any notices, obtaining any consent and offering and processing any applicable opt-out or similar choice options. By following a link to any of those websites, those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before submitting any personal data to those websites.
When data is collected into the OPEND platform for the specific purpose of advertising it is anonymised data. Once data upload by a data owner/publisher it is encrypted to keep you data safe, secure and non-identifiable.
These details are anonymised onto our platform.
We may create and pass on proprietary IDs to our clients and partners and they may provide us with proprietary IDs, which are IDs that identify a customer or consumer to the client. These client IDs corresponds to de-identified personal information of the client, but we do not see the personal information connected with these IDs nor can we identify an individual.
Our platform analyses the information it collects and receives, and organises it into user groups and audiences, based on factors such as age, gender, geography, interests and online actions. We use this information to create user groups and audiences, along with information about the possible relationships among different browsers and devices, so that our clients can design and deliver customised advertising campaigns or other relevant content through our platform.
You have landed on our website what happens?
When you visit our website you may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
When you visit our website, you do not give us information, for example your personal data such as name, age or address. If you contact us directly via our website by email this will be stored in our system but will not be used for our advertising services.
Technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions and operating system and platform.
Information about your visit, including the full Uniform Resource Locators URL, clickstream to, through and from our site including date and time, pages you viewed or searched for, page response times, any download errors, length of visits to certain pages, page interaction information such as scrolling, clicks, and mouse-overs, methods used to browse away from the page, and any phone number if you contact us.
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We store personal data and non-personal data within the European Economic Area (EEA).
We transfer information outside of the EEA for processing. For example, we may use one of our partners to process de-identified information for our personalised advertising services based in the USA. Any information transferred is in de-identified form. For clarity, the US may not have the same data protection laws as in the UK and we will use strict procedures and security features to ensure information is protected.
Mechanisms in place to ensure the adequacy of transfers can be a combination of Privacy Shields in force at the time, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by a supervisory authority and approved by the Commission, approved code of conduct and approved certification mechanism.
We have implemented security measures which are reasonably designed to help protect the data that we collect or receive in connection with our services from unauthorised access or disclosure. For example, we use encryption techniques to ensure the security of data. However, no transmission or storage of data can be guaranteed to be completely secure and we therefore cannot ensure or warrant the security of any information we collect or store.
Where we collect personal data, we will only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where we act as the controller and we process personal data that is identifiable to you
Where your details are incorrect or require updating for example, you have moved address then you shall have the right to have your details amended.
You have the right to object to processing which is based on legitimate interest, direct marketing purposes (see Marketing) or for scientific/historical research and statistics.
You have the right to restrict processing for example, when you object to our processing, where information is inaccurate and needs to be rectified. Subject access
You have a right to ask us for information we may hold about you. This is free of charge and we aim to respond as quickly as possible. Where a request is deemed excessive we may charge a small fee. We will also take steps to verify a request to ensure the correct information is given to the correct individual.
Where our processing of your personal data is based on your consent or for the performance of a contract you may ask us for a copy of your information in a readable format so you can use it for your own use.
In certain circumstance you may ask us to delete your personal data. For example, when we have stopped processing your personal data, where you no longer require our services or where you withdraw consent.
You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data
We want you to be happy with our services, should you have any concerns please contact us at email@example.com. You will also have the right to lodge a complaint with a supervisory authority. In accordance with Data Protection Laws, a data subject has the right to lodge a complaint with a supervisory authority in particular in the Member State of his or her habitual residence, place of work or of an alleged infringement of the GDPR. For the UK, this is the Information Commissionerís Office (ICO).
Where we intend to further process personal data for a purpose other than that for which the personal data was collected, we shall provide you prior to that further processing with information on that purpose and with any relevant further information.