Privacy Policy for digital advertising activities
1. INTRODUCTION – WHO ARE WE?
Dear Visitor (hereinafter, “You” or the”User“),
This page is the property of the company Refine Direct S.r.l. with registered office in Corso Buenos Aires 54, Milan, Italy, VAT no. and Tax Code 09419240966, registered in the Register of Companies of Milan under number 2089021 (hereinafter, the “Company“). Our Company carries out the activity of affiliation platform for advertising space monetization and operates in the field of digital advertising, i.e. the delivery of advertisements via online digital channels, including email, social media and/or banner ads on behalf of advertising agencies and/or clients, and related measurement activities (hereinafter, the “Services“). Therefore, we act as a third party of the publisher’s/advertiser’s website and/or mobile app that you have just come from (hereinafter, the “Website of Origin“). In some cases, we act as an intermediary between the publisher of the aforementioned Website of Origin and third parties (as better described in paragraph 7 below).
2. HOW CAN YOU CONTACT US?
Users can contact the Company at any time for any information on this privacy policy, using the following methods:
• by sending a registered letter with return receipt to the registered office of the Company (Corso Buenos Aires 54, Milano);
• by sending an email to: richieste_privacy@refine.direct.
You can also contact the Data Protection Officer (DPO) of the Company, whose contact details are as follows: email address dpo@refine.direct.
3. WHAT DO WE DO?
We operate in the field of digital advertising, working with third-party publishers, advertising agencies and/or clients, as well as third parties to deliver advertising messages relevant to those browsing the internet and to measure advertising campaigns carried out on behalf of advertising agencies/clients, also using owned and third-party technology.
As cookies and/or other tracking tools, similar to cookies are used through our Services for various purposes, in this privacy policy we would like to explain what these tools are and how they are used.
Some cookies are used and controlled directly by the Company. Through these cookies, the Company collects and processes certain personal data concerning you. In this privacy policy, pursuant to art. 13 of the Regulation EU 2016/679 of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter, the “Regulation“) and pursuant to Italian Legislative Decree no. 196/2003 and subsequent amendments and additions (hereinafter, the “Code” and, together with the Regulation, the “Applicable Law“), we will explain how we collect this data, for what purposes and what your rights are.
Other cookies on the Website of Origin, on the other hand, are carried and controlled by third parties. In this privacy policy you will find links to the privacy policies published by these third parties, which we ask you to read carefully (see paragraph 7 below). If you are not familiar with cookies, please read this privacy policy carefully, so that you can be aware of your choices.
Cookies are only one of the tools used by our Services. In fact, it is also possible that other tracking tools (such as pixels, Software Development Kits (SDK), etc.) may be used for the same purposes of profiling (in order to deliver personalized behavioural advertising, etc.) or analysis and measurement (analysis and monitoring of the behaviour of users of the Website of Origin, analysis of the advertising campaigns delivered, etc.) as set out below.
If you are not familiar with cookies and/or other tracking tools, please read this policy carefully so that you can be aware of your choices.
4. WHAT TECHNOLOGIES DO WE USE
To provide the Services, the Company uses:
A) a so-called Data Management Platform (“DMP“), provided by Adform A/S (with offices at Silkegade 3B, ST. & 1., 1113 Copenhagen, Denmark; “Adform“), i.e. a technological infrastructure that allows the data of users of the online properties in which the DMP is used to be collected and used, for the creation of clusters of users profiled on the basis of their browsing habits and/or their characteristics, also derived from statistical algorithms specific to the DMP.
Cookies and/or other tracking tools of the DMP (e.g. pixels) are therefore installed on the Website of Origin by the Company for profiling purposes. These tools are used to create your user profile, based on the preferences and tastes you have shown while browsing the internet, and to display advertising messages that are consistent with your profile, as well as to measure the advertising campaigns provided by the Company. In this way, the advertisements you see may be of greater interest to you. The tools installed by the DMP used by the Company have the following characteristics:
| Name | Category |
| Adform |
– profiling tools of the Company (third-party with respect to the Website of Origin) – permanent – maximum duration of 12 months |
As Data Controller, the Company can collect data and information on the User through the DMP, such as:
• IP address;
• cookie ID;
• Mobile Advertising ID;
• information on the type of browser and settings of the User;
• information on the operating system used by the device;
• information on the interaction and online activity of a User;
• information on the interaction of the User with an advertising campaign (e.g. clicks, percentage of completion of viewing the advertising video);
• approximate information on the geographical area from which the User operates;
• data specific to the http protocol (e.g. address of the website visited or URL);
• advertising identifiers (IDFA, AAID);
• email address of the User, which is pseudonymised once collected.
To disable the profiling tools of the DMP used by the Company, change the settings of your browser (as better described in paragraph 8 below) or use the opt-out mechanism referred to in the following link. To disable the profiling tools of the DMP used by the Company, change the settings of your browser (as better described in paragraph 8 below).
If you use this system to block DMP profiling tools, you will still receive a technical cookie to store your preference. Please note that, if you delete all the cookies from your browser, this technical cookie may also be removed and, therefore, you may have to express your choice to block them again using the system referred to above.
B) an online conversion tracking solution that enables the counting of commercial actions performed within the Website of Origin, in real time (to measure the effectiveness of the advertising campaigns). Through this system, the Company may collect, in its capacity of data controller, data relating to the User, such as:
• IP address (stored after hashing, therefore encrypted)
• user agent
• information relating to browser type and User settings
The above-mentioned data may be associated with information relating to the advertising campaign delivered by a publisher and the User’s interaction with the advertising campaign itself (e.g., clicks, time of day, subject that delivered the campaign, type of advertising campaign, etc.), in order to attribute the conversion to a specific publisher and to prepare accurate reports.
C) of the ad server ‘Google Ad Manager’ (hereinafter, “AdServer“) provided by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter, “Google“). Through the AdServer, profiling cookies are installed by the Company on the Website of Origin. Profiling cookies are used to create a profile of Users based on their preferences and tastes expressed during internet browsing, in order to display advertising messages consistent with their profile. In this way, the advertising messages that the Users will see on the Website of Origin can be more interesting to them. The profiling cookies installed by the AdServer are permanent and have a maximum duration of 13 months.
Moreover, the Company informs Users that, for the provision of the AdServer to the Company, Google declares itself as the independent Data Controller of Users’ personal data. Therefore, the Company has no control or power over the processing carried out by Google for data collection and subsequent processing resulting from the use of the AdServer, as it is merely a user of the ad serving service (which is technically managed by Google). For information regarding the possible transfer of Users’ personal data abroad by Google or the retention period of the data processed in the context of using the AdServer, Users can refer to Google’s privacy policy at https://policies.google.com/privacy and/or to the following link: https://support.google.com/admanager/answer/2839090?hl=en.
Users can object to the use of profiling cookies by the AdServer through the following link: https://adssettings.google.com/.
The Company also informs Users that through Google’s AdServer, advertisers or additional third parties may use cookies linked to advertising messages in order to collect information about the User’s browsing activities on the Website of Origin.
D) other cookies and/or other profiling tracking tools through which the Company collect data as autonomous data controller or, in some cases (if specified below), as co-controller together with the provider of such tools, on the Website of Origin, with the references to the modalities through which it is possible to object to such use:
| Name | Informative Page – Opt-out |
| Google Analytics |
Monitoring platform of Google (traffic monitoring on websites, landing pages, etc. and tracking of conversion actions, visits , page views, etc.). https://policies.google.com/privacy (information page) and https://tools.google.com/dlpage/gaoptout?hl=en (opt-out): Google Analytics supports an optional browser add-on that, once installed and activated, disables measurement by Google Analytics for any website visited by a user. Please note that this add-on only deactivates Google Analytics measurement. |
| Google Tag Manager |
Google’s tool for managing tags on web pages. https://policies.google.com/technologies/cookies |
| Display & Video 360 |
Google’s advertising platform (Demand Side Platform – DSP). https://policies.google.com/technologies/cookies |
| Campaign Manager 360 |
Google’s advertising platform (Adserver). https://policies.google.com/technologies/cookies |
| Google Ads |
Google’s advertising platform (delivery of ads on search engines and on the network of Google’s websites). https://policies.google.com/technologies/cookies |
| Meta | Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland; “Meta“) is a joint data controller with the Company for the data collected and the necessary information required under Article 13(1)(a) and (b) of the Regulation is set out in Meta’s Privacy Policy available at https://www.facebook.com/privacy/policy/?entry_point=facebook_page_footer. Further information on how Meta processes personal data, including the legal basis to which Meta refers and how to exercise your rights against Meta, can be found in Meta’s Privacy Policy at https://www.facebook.com/privacy/policy/?entry_point=facebook_page_footer. The Company entered with the provider into the Controller’s Addendum (available here: https://www.facebook.com/legal/controller_addendum) to determine the respective responsibilities regarding compliance with the obligations established by the Regulation in relation to the processing subject to joint data controllership. Among the joint data controllers, Meta is responsible for the data subjects’ rights under Articles 15-20 of the GDPR in relation to the personal data retained by Meta after the processing carried out in joint controllership with the Company. |
| Outbrain | Use of the technologies of Outbrain UK Limited (with offices in 100 New Bridge Street, London, EC4V 6JA, United Kingdom; “Outbrain“) for the delivery of advertisement and the related measurement. The company and the provider act as joint data controller based on the provisions of the agreement they entered into (https://www.outbrain.com/legal#data-processing-agreement). The information related to the processing carried out by Outbrain, as well as the information relating to the exercise of rights towards Outbrain can be found at the following link https://www.outbrain.com/privacy/. It is possible to object to the processing carried out by Outbrain as well as exercise the right as a data subject following the link here reported https://my.outbrain.com/recommendations-settings/. |
| TikTok | The TikTok’s pixel is used by the Company in order to collect and analyze the data relating to the advertising campaigns delivered through the services of TikTok, in order to measure and optimize them. TikTok (with the term “Tiktok” we refer to TikTok Information Technologies UK Limited, 6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom (“TikTok UK”) and TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok Ireland”)) is joint controller with the Company and the information necessary pursuant to the Regulation (among which there are the information on how to exercise the rights under the Regulation towards TikTok) are provided to into the notice of TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/en. The Company entered into an agreement with TikTok (available at the following link: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms) to determine the respective responsibilities regarding compliance with the obligations established by the Regulation in relation to the processing subject to joint data controllership. Among the parties, TikTok is responsible for the rights of data subjects pursuant to articles 15-20 of the Regulation in relation to personal data retained by TikTok after processing carried out jointly with the Company. |
5. LEGAL BASIS
The legal basis for the processing carried out to provide the Services is the prior consent of the User (art.6, paragraph 1, letter a) of the Regulation).
As set out in the Applicable Law, your prior consent is required to install tracking tools that does not have a technical purpose. For this reason, when you access the Website of Origin, a special banner is displayed or, in some cases, a so-called Consent Management Platform (hereinafter, “CMP“), which you can use to state your preferences.
You are, of course, free to not give your consent to the installation of profiling tracking tools and to opt-out of using them at any time, without this affecting your ability to visit the Website of Origin and enjoy its content in any way.
As a sign of its commitment, Refine Direct S.r.l. is a member of the IAB Europe Transparency & Consent Framework (hereinafter, the “IAB Framework“) – the European framework for transparency and consent management – and complies with the Specifications and Policies of the IAB Framework. The Vendor ID of Refine Direct S.r.l., in the context of the IAB Framework, is 1157. You may find further information regarding the IAB Framework on the IAB Europe’s website (https://iabeurope.eu/transparency-consent-framework/).
6. PURPOSES OF THE PROCESSING
We use the data collected for:
• marketing, re-targeting and profiling (i.e. to show you advertisements and commercial offers that are as close as possible to your preferences) and to help advertisers deliver non-invasive advertisements that are closer to the needs of the User;
• measuring the performance of campaigns delivered by the publishers and/or the Company itself and, where appropriate, providing statistical analysis in aggregate form to advertising agencies/clients and/or the publishers of the Website of Origin;
• providing recommendations and/or reports and/or insight to advertising agencies/clients on the delivery of advertising campaigns in line with the preferences expressed by the User while browsing and/or in relation to the data they use.
7. THIRD PARTIES OTHER THAN THE COMPANY
Other tools (such as cookies, pixels, etc.) are installed on the Website of Origin by third parties other than the publisher of the Website of Origin and the Company.
Below is a list of the third parties currently used to provide the Services, with an indication of the links to the information pages created by their developers (also containing information on how to opt-out of installing them, and on the relevant retention periods):
| Third Party | Link to the privacy policy |
| Adform | https://site.adform.com/privacy-center/platform-privacy/product-and-services-privacy-policy/ |
| Amazon | https://www.amazon.co.uk/gp/help/customer/display.html?nodeId=201909010 |
| Taboola | https://www.taboola.com/policies/privacy-policy |
| Xandr | https://www.xandr.com/privacy/platform-privacy-policy/ |
Further partners of the Company
Through the Website of Origin, if you give your consent, additional partners of ours may process personal data in order to provide advertisement and/or make measurements on the advertisement already delivered. Please refer to the related policies: i) for which links are provided next to each vendor within the CMP; ii) for which links are provided within the policy of the Website of Origin; and/or iii) for which links are provided by the publishers that provide the advertising content that the User interacted with before landing on the Website of Origin, within their properties.
8. HOW TO MANAGE COOKIES AND/OR OTHER SIMILAR TRACKING TOOLS AND OPT-OUT OF USING THEM
There are various options for managing, disabling and deleting cookies and/or to opt-out to the use of similar tracking tools.
(A) Change your browser settings
Follow the instructions provided by the manufacturer of the browser you use to find out how to manage, disable or delete all cookies:
• Explorer: https://support.microsoft.com/it-it/windows/eliminare-e-gestire-i-cookie-168dab11-0753-043d-7c16-ede5947fc64d
• Edge: https://support.microsoft.com/it-it/help/4027947/windows-delete-cookies
• Chrome: https://support.google.com/chrome/answer/95647?hl=it
• Firefox: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
• Safari: https://support.apple.com/kb/PH17191?locale=it_IT
• Opera: https://help.opera.com/en/latest/web-preferences/#cookies
(B) Use the special interactive tools
To disable the profiling cookies of the DMP you can simply use the interactive button that is highlighted in paragraph 4 of this privacy policy, which is reproduced here for your convenience.
Consult the privacy policies of the third parties that install profiling tools (paragraph 7) in order to be aware of the modalities available to you to manage, disable and delete cookies and, more generally, to opt-out to their use of tracking systems. Remember that by disabling third-party tools: (i) you opt-out of using them not only on the Website of Origin but on all websites on which they are used; and (ii) the ability to browse the Website of Origin and use its functions will not be affected in any way.
(C) Use the website www.youronlinechoices.eu
Your Online Choices is an Internet website managed by the non-profit association European Interactive Digital Advertising Alliance (EDAA), the Italian version of which can be found at the address www.youronlinechoices.eu/it/. It provides information on behavioural advertising based on profiling cookies (https://www.youronlinechoices.com/uk/about-behavioural-advertising) and allows Internet users to easily opt-out of the installation of the main profiling cookies installed by advertisers and used on Internet websites (https://www.youronlinechoices.com/uk/your-ad-choices). Before using this tool, we recommend that you carefully read the general terms and conditions of service of the Your Online Choices website (https://www.youronlinechoices.com/uk/terms-conditions), as well as the frequently asked questions (FAQ) (https://www.youronlinechoices.com/uk/faqs) and the help page (https://www.youronlinechoices.com/uk/opt-out-help).
Use Your Online Choices sensibly. Although Your Online Choices brings many of the world’s leading advertising companies that use cookies together, some of the third parties that install cookies through the website may not have signed up with Your Online Choices. Therefore, the use of Your Online Choices does not guarantee that you will receive third-party cookies while browsing the website. Remember, also, that if you delete all cookies from your browser, even the technical cookies issued by Your Online Choices to remember your preferences may be deleted, rendering third-party cookies active once again.
(D) Mobile Advertising ID
To opt-out on many devices such as iPhone, iPad or Android devices, we recommend that you consult the device settings and instructions provided by the device manufacturer. Below we have provided some examples for information purposes only and we decline all liability or warranty on their operation or current relevance.
• Apple iOS
Open settings, then “Privacy” -> “Location Services” -> “System Services” and change the option “Location-Based iAds” to “off“.
Open settings, then “Privacy” -> “Advertising” and switch the “Limit Ad Tracking” to “on“.
To reset your Advertising ID on iOS, open settings, then “Privacy” -> “Advertising” e seleziona “Reset Advertising Identifier“.
• Android
Open Google settings, select “Ads” and then “Reset advertising ID” and select “Opt out of interest-based ads“.
(E) CMP
For the processing of personal data that, subject to your consent, the Company and/or the third parties listed in the previous paragraph B may carry out through profiling cookies used on the Website of Origin, you can use the CMP on the Website of Origin and/or the other consent collection mechanism found therein to provide and, if necessary, withdraw consent by following the related instructions. Please note that Refine Direct S.r.l. is an IAB Framework registered vendor and, through the CMP compliant with the IAB Framework’s standard, you will always be able to make granular choices in terms of providing and/or withdraw consent already given.
9. PROCESSING METHODS, TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY AND DATA RETENTION PERIOD
As highlighted in the introduction of this privacy policy, the Company may collect and process some of your personal data through cookies and/or other tracking tools that it places directly on the Website of Origin. The Company acts as the “data controller” of these data, in accordance with the provisions of the Applicable Law. We will process the data collected only by electronic means, in a fully automated manner and without human intermediation. Therefore, our employees and partners will never access the content of the personal data obtained through cookies and/or other similar tracking tools, which means that they will never be able to access and/or have PII (Personally Identifiable Information), i.e. information which can identify you directly.
Some of our employees and partners, authorised to process personal data pursuant to art. 29 of the Regulation, may carry out maintenance work on the computer systems that host the data, without ever being able to access its actual content. Personal data may be stored on servers managed by third parties (e.g. suppliers of computer systems) or may be managed by parties specializing in online advertising, who act as data processors on the basis of a written appointment by the Company, pursuant to art. 28 of the Regulation.
We inform you that, in compliance with the requirements and guarantees established by the Regulation, your data may be transferred to countries outside the European Economic Area (EEA). Such countries may not offer a level of privacy protection and protection of personal data comparable to the level guaranteed by the Applicable Law; where the Company acts as data controller, it will take the utmost care of the security of the data and will therefore manage such transfers with all the appropriate precautions and safeguards in accordance with the Applicable Law and, in particular, in accordance with articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the Regulation. Specifically:
– For the provision of the Google’s services, the Company’s provider, Google, Google Ireland Limited, may transfer the pseudonymous personal data of the Users of the Website of Origin outside the EEA, on the basis of the so-called Standard Contractual Clauses and, in particular, to the United States, taking additional measures to ensure that this is done in accordance with the Regulation itself. Further information on the additional security measures applied by Google Ireland Limited for transfers of personal data outside the European Union can be found in the following resources provided by the provider itself: “Regarding international data transfers in Google Analytics” (see link: https://support.google.com/analytics/answer/11609059) and “Safeguards for international data transfers with Google’s advertising and analytics products” (see link: https://services.google.com/fh/files/misc/safeguards_for_international_data_transfers.pdf). In view of the scope of the processing, the nature of the data processed, and the risks of the processing carried out by the supplier, the Company considered the additional security measures that the supplier guarantees to adopt to protect the personal data to be appropriate;
– For the provision of the Adform’s services, the Company’s provider, Adform A/S, may transfer the pseudonymous personal data of the Users of the Website of Origin outside the EEA, on the basis of the so-called Standard Contractual Clauses and, in particular, to the United States, taking additional measures to ensure that this is done in accordance with the Regulation itself.
Please note that some of the third parties indicated in paragraph 7 above – as independent data controllers – may process the personal data collected through the tracking tools installed on the Website of Origin from a location outside the European territory and, therefore, it is recommended that you read their privacy policies carefully for more details.
Moreover, we would like to point out the transfers carried out by Meta (more information here and here), the transfers made by TikTok (more information here and here) and the transfer made by Outbrain (more information here) with respect to the subsequent processing carried out by the latter as autonomous controllers after the initial collection as joint data controller with the Company.
Your personal data will not be communicated to third-party data controllers or disseminated.
Your personal data will be kept by the Company for the time considered strictly necessary to carry out the primary purposes described in this privacy policy, or as necessary for the protection in civil law of both your interests and those of the Company and, in any case, for no more than twenty-four (24) months. The User’s personal data collected on the Website of Origin, by means of Refine’s proprietary conversion tracking solution, are processed by the Company for the purpose of correct attribution of the conversion only for the time strictly necessary and, in any case, for no longer than 24 hours. Once the origin of a conversion has been attributed to a specific publisher, the User’s personal data are anonymized.
10. YOUR RIGHTS
To exercise your rights, or to obtain further information or explanations on this privacy policy, please contact the Company using the following methods:
• by sending a registered letter with return receipt to the registered office of the Company (Corso Buenos Aires 54, Milan);
• by sending an email to: richieste_privacy@refine.direct.
You can also contact the Data Protection Officer (DPO) of the Company, whose contact details are as follows: email address dpo@refine.direct.
Under the Applicable Law, Users have:
a. the right to withdraw their consent at any time, if the processing is based on their consent;
b. the right to access their personal data;
c. (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly-used and machine-readable format), the right to restrict the processing of personal data, the right to its rectification and the right to delete it (“right to be forgotten”);
d. the right to object:
i. in whole or in part, for legitimate reasons to the processing of personal data, even if pertinent to the collection purposes;
ii. in whole or in part, to the processing of personal data for the purpose of sending advertising material or direct sale, or for the purpose of market research or commercial communications;
e. if they consider that the processing of their personal data is in breach of the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which they usually reside, in the Member State in which they work or in the Member State in which the alleged infringement took place). The Italian Supervisory Authority is the “Garante per la protezione dei dati personali”, with registered offices in Piazza Venezia No. 11, 00187 – Rome (http://www.garanteprivacy.it/).
The Company is not responsible for the updating of all links that can be viewed in this privacy policy. Therefore, whenever a link is not functional and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to in these links.