LAST UPDATED 22nd June, 2021
This document describes the role of Kiosked in ensuring data protection and privacy in its business and how we process personal data in our business.
Kiosked is a technology provider enabling ad mediation between publishers and advertisers, i.e. connecting publishers’ online inventory and buyer side demand of advertisers. At its core the Kiosked service is an intermediate technology provider serving both publishers and advertisers to execute optimised ad mediation processes through its advanced online advertising technology. Publishers with direct relationships with their users are obligated to collect and manage data subjects’ consent, opt-out and/or any other applicable legal basis to process relevant personal data required to provide Kiosked service.
Kiosked service dynamically creates and connects publishers’ ad inventory offering with advertisers’ demand on Kiosked marketplace in real-time-bidding environment. As an intermediate technology provider Kiosked receives and processes, together with its sub-processors (such as hosting partners and advertising networks), necessary personal data of the data subject, in order to be able to execute ad mediation. This data falls roughly into two categories: “HTTP header data” and “clickstream data”. These are managed and processed according to IAB standards on real-time-bidding (RTB)* ad mediation. The former data category may include information about browsers and devices of users, device identifiers, cookie information and the IP address from which the device accesses the service. The latter data category refers to the information that the data subject leaves behind while visiting a website and which is stored as a form of log files. (*https://www.iab.com/wp-content/uploads/2016/03/OpenRTB-API-Specification-Version-2-5-FINAL.pdf)
Kiosked participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Kiosked’s vendor ID is 751.
The General Data Protection Regulation 2016/679 (“GDPR”) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. In the context of the GDPR Kiosked acts as a data processor and processes personal data on behalf of data controllers (publishers, and in some cases advertisers or ad networks). In order to comply with the applicable laws Kiosked enters into a separate Data Processing Agreement (DPA) with the data controllers. Full details on Kiosked Data Processing Policy can be found here: https://www.kiosked.com/data-processing-policy. In some cases Kiosked may become a controller, or a joint-controller of personal data depending on contractual obligations between Kiosked and its advertising network and advertising partners. In such situations Kiosked may act as a data controller, and collect and process personal data so that Kiosked can serve its customers and market its products and services. The collection and processing of personal data is always based on applicable laws and regulations, customer or service agreement, the legitimate interest of Kiosked, or the consent of the data subject. No sensitive personal data, as defined by the GDPR, will be collected or processed by Kiosked.
The California Consumer Privacy Act (“CCPA”) grants Californian consumers new rights to opt-out of the sale of their personal information. Under the CCPA, the transfer of user data in programmatic advertising may be considered the “sale” of personal information, in which case users must be provided with the opportunity to opt-out. Since Kiosked’s publisher clients have a direct relationship with users, Kiosked trusts on client publishers to provide an opt-out opportunity by including a “Do Not Sell My Personal Information” link on their properties.
Kiosked is a participant of the IAB CCPA Compliance Framework For Publishers & Technology Companies, and our technology is compliant with both CCPA and GDPR requirements enabling publishers to pass forward appropriate signals of user opt-outs and/or consents as applicable.
Kiosked strongly encourages all publishers to implement an IAB-registered consent management platform and adopt the IAB Consent Framework to comply with requirements set by privacy regulations.
Kiosked advertising partners may use behavioural elements, such as behavioural advertising to end users, in order to provide more relevant services and content to online users. Such customized content may be tailored to a user based on data that is processed as a part of Kiosked’s services to its partners.
Some of our advertising clients and partners are members of the Network Advertising Initiative and/or participate in the Digital Advertising Alliance Self-Regulatory Program. Both of them provide opt-out mechanisms for their respective members or participants. You can learn of your rights and your possibility to influence how data on your online activities are processed by going to http://www.networkadvertising.org/managing/opt_out.asp http://www.aboutads.info/choices/, or http://www.youronlinechoices.eu (if you are located in the European Union). The opt-out websites linked above may not reach all of our advertising partners and certain behaviourally targeted advertising may still be displayed to a user. Also, note that opting out of behavioural advertising does not mean a user will no longer be exposed to online advertising. It means that the company from which the user has opted out of receiving behavioural advertising will no longer deliver ads tailored based on the user’s web behaviour and usage patterns.
Some of our publisher clients have their own opt-out mechanisms that are linked to their web sites or their online-posted privacy policies. If a user wishes not to receive targeted advertising from a particular company, or multiple companies, the user can review the privacy policies of publishers and companies for these opt-out links.
Kiosked only retains personal information as long as necessary for the fulfilment of Kiosked business purposes, and as permitted by applicable laws and regulations. Upon request, Kiosked will provide more detailed information concerning data storage times.
A cookie is a small file your browser stores when told to do so by a website. Typically, websites place a number of different cookies on an end-user’s device. Some are “first-party” cookies, i.e. from the website itself, and others are “third-party” cookies, meaning they belong to advertising and analytics entities or social networks. Cookies are personal information. However, Kiosked’s cookies do not include any other personal information and are typically used to quickly identify your device and to “remember” your device during subsequent visits for purposes of functionality, preferences, and website performance. You can disable cookies on your device, select to opt-out, or set your device to alert you when cookies are being sent to your device. However, disabling cookies may affect your user experience.
Kiosked uses Google Analytics to track page visits. For more information about this please visit:
Kiosked may employ agents, contractors, and third-party companies and individuals to operate our service and perform related services which allow us to perform our obligations under the agreements with publishers and advertisers. These third parties may have access to your personal information and other information collected as set forth above but only to perform these tasks on our behalf. Our partners are obligated not to disclose any personal information or use it for any other purpose.
We may need to disclose or transfer personal information in connection with a merger, acquisition, re-organization, or sale of assets. The relevant data controller will be advised of these changes in accordance with our agreements and approvals may be required before such disclosure is made.
Kiosked takes data privacy and security seriously. Kiosked uses commercially reasonable efforts and industry standard safeguards to preserve the integrity and security of all personal information. Kiosked restricts access to any personal information on a need-to-know basis to employees, contractors, and its agents. While Kiosked endeavours to protect the security and integrity of all personal data, we cannot guarantee to you that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be fully safe from intrusion by others, such as hackers.
Your information may be transferred to, and maintained on computers located outside of your country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction, however, any such transfers shall comply with applicable laws and regulations, and agreements with our data controllers.
Our service is not directed to children. We do not knowingly collect personal information from children. If a parent or a guardian becomes aware that his or her child has provided us with personal information without their consent, please contact us. If we become aware that a child has registered for our service and has provided us with personal information, we will delete such information from our files.
Applicable privacy laws determine user rights regarding personal data. A user has the right to e.g. inspect what information has been stored in our personal data files. A user has a right to have personal data, incomplete, incorrect, unnecessary or outdated personal data deleted or updated according to the applicable laws.
To exercise any of the rights provided by the applicable laws you may contact us via email at email@example.com or via mail at Kiosked Oy Ab, Tammasaarenkatu 1, HTC Nina 4th Floor, FI-00180 Helsinki, Finland. If you have any questions relating to data protection or data processing of your personal information that are not answered by this document you should primarily turn to the publisher or advertiser who acts as the data controller for your personal information.
If you, as a user, have any questions relating to processing of your personal information in Kiosked’s ad mediation process that are not answered by this document you should primarily turn to publishers, and in some cases advertisers or ad networks, as they primarily control the user data.
If you have any questions regarding this document or Kiosked’s privacy practices including data protection, please contact us via email at firstname.lastname@example.org, or by mail at Kiosked Oy Ab, Tammasaarenkatu 1 HTC Nina, 4th Floor, FI-00180 Helsinki, Finland.
We seek to swiftly answer your questions and resolve any concerns you may have.
From time to time we may change this data protection statement. You can tell when changes have been made to this document by referring to the ‘Last Updated’ legend at the top of this page. Any changes to this data protection statement will become effective when we post the revised document on Kiosked’s website (www.kiosked.com/privacy-policy). If you continue to use the services following any changes to this data protection statement, you accept any such changes we have made.