Privacy Policy for digital advertising activities
1. INTRODUCTION – WHO ARE WE?
Dear Visitor (hereinafter, “You” or the”User“),
This page is the property of the company Refine Direct S.r.l. with registered office in Corso Buenos Aires 54, Milan, Italy, VAT no. and Tax Code 09419240966, registered in the Register of Companies of Milan under number 2089021 (hereinafter, the “Company“). Our Company carries out the activity of affiliation platform for advertising space monetization and operates in the field of digital advertising, i.e. the delivery of advertisements via online digital channels, including email, social media and/or banner ads on behalf of advertising agencies and/or clients, and related measurement activities (hereinafter, the “Services“). Therefore, we act as a third party of the publisher’s/advertiser’s website and/or mobile app that you have just come from (hereinafter, the “Website of Origin“). In some cases, we act as an intermediary between the publisher of the aforementioned Website of Origin and third parties (as better described in paragraph 7 below).
2. HOW CAN YOU CONTACT US?
Users can contact the Company at any time for any information on this privacy policy, using the following methods:
• by sending a registered letter with return receipt to the registered office of the Company (Corso Buenos Aires 54, Milano);
• by sending an email to: richieste_privacy@refine.direct.
You can also contact the Data Protection Officer (DPO) of the Company, whose contact details are as follows: email address dpo@refine.direct.
3. WHAT DO WE DO?
We operate in the field of digital advertising, working with third-party publishers, advertising agencies and/or clients, as well as third parties to deliver advertising messages relevant to those browsing the internet and to measure advertising campaigns carried out on behalf of advertising agencies/clients, also using owned and third-party technology.
As cookies and/or other tracking tools, similar to cookies are used through our Services for various purposes, in this privacy policy we would like to explain what these tools are and how they are used.
Some cookies are used and controlled directly by the Company. Through these cookies, the Company collects and processes certain personal data concerning you. In this privacy policy, pursuant to art. 13 of the Regulation EU 2016/679 of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter, the “Regulation“) and pursuant to Italian Legislative Decree no. 196/2003 and subsequent amendments and additions (hereinafter, the “Code” and, together with the Regulation, the “Applicable Law“), we will explain how we collect this data, for what purposes and what your rights are.
Other cookies on the Website of Origin, on the other hand, are carried and controlled by third parties. In this privacy policy you will find links to the privacy policies published by these third parties, which we ask you to read carefully (see paragraph 7 below). If you are not familiar with cookies, please read this privacy policy carefully, so that you can be aware of your choices.
Cookies are only one of the tools used by our Services. In fact, it is also possible that other tracking tools (such as pixels, Software Development Kits (SDK), etc.) may be used for the same purposes of profiling (in order to deliver personalized behavioural advertising, etc.) or analysis and measurement (analysis and monitoring of the behaviour of users of the Website of Origin, analysis of the advertising campaigns delivered, etc.) as set out below.
If you are not familiar with cookies and/or other tracking tools, please read this policy carefully so that you can be aware of your choices.
4. WHAT TECHNOLOGIES DO WE USE
To provide the Services, the Company uses:
A) an online conversion tracking solution that enables the counting of commercial actions performed within the Website of Origin, in real time (to measure the effectiveness of the advertising campaigns). Through this system, the Company may collect, in its capacity of data controller, data relating to the User, such as:
• IP address (stored after hashing, therefore encrypted)
• user agent
• information relating to browser type and User settings
The above-mentioned data may be associated with information relating to the advertising campaign delivered by a publisher and the User’s interaction with the advertising campaign itself (e.g., clicks, time of day, subject that delivered the campaign, type of advertising campaign, etc.), in order to attribute the conversion to a specific publisher and to prepare accurate reports.
B) of the ad server ‘Google Ad Manager’ (hereinafter, “AdServer“) provided by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter, “Google“). Through the AdServer, profiling cookies are installed by the Company on the Website of Origin. Profiling cookies are used to create a profile of Users based on their preferences and tastes expressed during internet browsing, in order to display advertising messages consistent with their profile. In this way, the advertising messages that the Users will see on the Website of Origin can be more interesting to them. The profiling cookies installed by the AdServer are permanent and have a maximum duration of 13 months.
Moreover, the Company informs Users that, for the provision of the AdServer to the Company, Google declares itself as the independent Data Controller of Users’ personal data. Therefore, the Company has no control or power over the processing carried out by Google for data collection and subsequent processing resulting from the use of the AdServer, as it is merely a user of the ad serving service (which is technically managed by Google). For information regarding the possible transfer of Users’ personal data abroad by Google or the retention period of the data processed in the context of using the AdServer, Users can refer to Google’s privacy policy and/or to the following link.
Users can object to the use of profiling cookies by the AdServer through the following link.
The Company also informs Users that through Google’s AdServer, advertisers or additional third parties may use cookies linked to advertising messages in order to collect information about the User’s browsing activities on the Website of Origin.
C) other cookies and/or other profiling tracking tools through which the Company collect data as autonomous data controller or, in some cases (if specified below), as co-controller together with the provider of such tools, on the Website of Origin, with the references to the modalities through which it is possible to object to such use:
| Name | Informative Page – Opt-out |
| Adform | Use of the Demand Side Platform as well as of the Ad Server of Adform A/S, with offices located at Silkegade 3B, ground floor & 1st floor, DK-1113 Copenhagen, Denmark (“Adform“). Through Adform’s services, the Company is able to plan and manage the delivery of targeted advertising campaigns on the Website of Origin, monitor them, and optimize them, as well as track impressions and clicks related to advertising delivered on the Website of Origin. Personal data and information relating to the browser/device of User is collected, using Adform tags on the Website of Origin, by both the Company and Adform as joint data controllers under Article 26 of the GDPR. The joint data controllers will also match and combine such data and information with data from other data sources, link different devices, create User personalized advertising profiles, select personalized or contextual advertising, and proceed with the relevant technical delivery. Further information on joint data controllership is provided by Adform at the following link. For the exercise of rights, Users can refer to what is specified by Adform at the following link. |
| Google Analytics |
Monitoring platform of Google (traffic monitoring on websites, landing pages, etc. and tracking of conversion actions, visits , page views, etc.). We provide links to a Google’s information page and to Google’s opt-out mechanism. Google Analytics supports an optional browser add-on that, once installed and activated, disables measurement by Google Analytics for any website visited by a user. Please note that this add-on only deactivates Google Analytics measurement. |
| Google Tag Manager | Google’s tool for managing tags on web pages: information page |
| Display & Video 360 | Google’s advertising platform (Demand Side Platform – DSP): information page |
| Campaign Manager 360 | Google’s advertising platform (Adserver): information page |
| Google Ads | Google’s advertising platform (delivery of ads on search engines and on the network of Google’s websites): information page |
| Meta |
Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland; “Meta“) is a joint data controller with the Company for the collection , through the Meta pixel on the Website of Origin, and subsequent transmission to Meta, of data relating to the actions performed by Users on the Website of Origin. The necessary information required under Article 13(1)(a) and (b) of the Regulation is set out in Meta’s Privacy Policy available at the following link. Further information on how Meta processes personal data, including the legal basis to which Meta refers and how to exercise your rights against Meta, can be found in Meta’s Privacy Policy. The Company entered with the provider into the Controller’s Addendum to determine the respective responsibilities regarding compliance with the obligations established by the Regulation in relation to the processing subject to joint data controllership. Among the joint data controllers, Meta is responsible for the data subjects’ rights under Articles 15-20 of the GDPR in relation to the personal data retained by Meta after the processing carried out in joint controllership with the Company. |
| MGID | Measurement of the effectiveness of the ads delivered online through the collection from the Website of Origin of online identifiers data, such as IP address, and time/date of visit of the Website of Origin and/or conversion. To disable the profiling tools of MGID, change the settings of your browser (as better described in paragraph 8 below) or use the opt-out mechanism referred to in the following link. |
| Outbrain | Use of the technologies of Outbrain UK Limited (with offices in 100 New Bridge Street, London, EC4V 6JA, United Kingdom; “Outbrain“) for the delivery of advertisement and the related measurement. The company and the provider act as joint data controller based on the provisions of the agreement they entered into. The information related to the processing carried out by Outbrain, as well as the information relating to the exercise of rights towards Outbrain can be found at the following link . It is possible to object to the processing carried out by Outbrain as well as exercise the right as a data subject following this link. |
| TikTok | The TikTok’s pixel is used by the Company in order to collect and analyze the data relating to the advertising campaigns delivered through the services of TikTok, in order to measure and optimize them. TikTok (with the term “Tiktok” we refer to TikTok Information Technologies UK Limited, 6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom (“TikTok UK”) and TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok Ireland”)) is joint controller with the Company and the information necessary pursuant to the Regulation (among which there are the information on how to exercise the rights under the Regulation towards TikTok) are provided to into the notice of TikTok. The Company entered into an agreement with TikTok (available at the following link) to determine the respective responsibilities regarding compliance with the obligations established by the Regulation in relation to the processing subject to joint data controllership. Among the parties, TikTok is responsible for the rights of data subjects pursuant to articles 15-20 of the Regulation in relation to personal data retained by TikTok after processing carried out jointly with the Company. |
5. LEGAL BASIS
The legal basis for the processing carried out to provide the Services is the prior consent of the User (art.6, paragraph 1, letter a) of the Regulation).
As set out in the Applicable Law, your prior consent is required to install tracking tools that does not have a technical purpose. For this reason, when you access the Website of Origin, a special banner is displayed or, in some cases, a so-called Consent Management Platform (hereinafter, “CMP“), which you can use to state your preferences.
You are, of course, free to not give your consent to the installation of profiling tracking tools and to opt-out of using them at any time, without this affecting your ability to visit the Website of Origin and enjoy its content in any way.
As a sign of its commitment, Refine Direct S.r.l. is a member of the IAB Europe Transparency & Consent Framework (hereinafter, the “IAB Framework“) – the European framework for transparency and consent management – and complies with the Specifications and Policies of the IAB Framework. The Vendor ID of Refine Direct S.r.l., in the context of the IAB Framework, is 1157. You may find further information regarding the IAB Framework on the IAB Europe’s website.
If the User provides his/her consent to the use of cookies and/or other tracking tools via the CMP, the consent expressed will be tracked through technical methods linked to the use of the CMP, allowing for the documentation of the User’s choices to be kept up to date in compliance with Applicable Law. In this latter case, the Company may process metadata relating to the granular choices made by the User: the possible expression of consent, the details of the granular purposes for which the User has given consent, as well as the User’s possible choice to continue browsing while maintaining default settings by pressing the relevant button provided by the CMP on the Website of Origin.
6. PURPOSES OF THE PROCESSING
We use the data collected for:
• marketing, re-targeting and profiling (i.e. to show you advertisements and commercial offers that are as close as possible to your preferences) and to help advertisers deliver non-invasive advertisements that are closer to the needs of the User;
• measuring the performance of campaigns delivered by the publishers and/or the Company itself and, where appropriate, providing statistical analysis in aggregate form to advertising agencies/clients and/or the publishers of the Website of Origin;
• providing recommendations and/or reports and/or insight to advertising agencies/clients on the delivery of advertising campaigns in line with the preferences expressed by the User while browsing and/or in relation to the data they use.
7. THIRD PARTIES OTHER THAN THE COMPANY
Other tools (such as cookies, pixels, etc.) are installed on the Website of Origin by third parties other than the publisher of the Website of Origin and the Company.
Below is a list of the third parties currently used to provide the Services, with an indication of the links to the information pages created by their developers (also containing information on how to opt-out of installing them, and on the relevant retention periods):
Further partners of the Company
Through the Website of Origin, if you give your consent, additional partners of ours may process personal data in order to provide advertisement and/or make measurements on the advertisement already delivered. Please refer to the related policies: i) for which links are provided next to each vendor within the CMP; ii) for which links are provided within the policy of the Website of Origin; and/or iii) for which links are provided by the publishers that provide the advertising content that the User interacted with before landing on the Website of Origin, within their properties.
8. HOW TO MANAGE COOKIES AND/OR OTHER SIMILAR TRACKING TOOLS AND OPT-OUT OF USING THEM
There are various options for managing, disabling and deleting cookies and/or to opt-out to the use of similar tracking tools.
(A) Change your browser settings
Follow the instructions provided by the manufacturer of the browser you use to find out how to manage, disable or delete all cookies:
• Explorer;
• Edge;
• Chrome;
• Firefox;
• Safari;
• Opera.
(B) Use the special interactive tools
Consult the privacy policies of the third parties that install profiling tools (paragraph 7) in order to be aware of the modalities available to you to manage, disable and delete cookies and, more generally, to opt-out to their use of tracking systems. Remember that by disabling third-party tools: (i) you opt-out of using them not only on the Website of Origin but on all websites on which they are used; and (ii) the ability to browse the Website of Origin and use its functions will not be affected in any way.
(C) Use the website Your Online Choices
Your Online Choices is an Internet website managed by the non-profit association European Interactive Digital Advertising Alliance (EDAA), the Italian version of which can be found at the following link. It provides information on behavioural advertising based on profiling cookies and allows Internet users to easily opt-out of the installation of the main profiling cookies installed by advertisers and used on Internet websites. Before using this tool, we recommend that you carefully read the general terms and conditions of service of the Your Online Choices website, as well as the frequently asked questions (FAQ) and the help page.
Use Your Online Choices sensibly. Although Your Online Choices brings many of the world’s leading advertising companies that use cookies together, some of the third parties that install cookies through the website may not have signed up with Your Online Choices. Therefore, the use of Your Online Choices does not guarantee that you will receive third-party cookies while browsing the website. Remember, also, that if you delete all cookies from your browser, even the technical cookies issued by Your Online Choices to remember your preferences may be deleted, rendering third-party cookies active once again.
(D) Mobile Advertising ID
To opt-out on many devices such as iPhone, iPad or Android devices, we recommend that you consult the device settings and instructions provided by the device manufacturer. Below we have provided some examples for information purposes only and we decline all liability or warranty on their operation or current relevance.
• Apple iOS
Open settings, then “Privacy” -> “Location Services” -> “System Services” and change the option “Location-Based iAds” to “off“.
Open settings, then “Privacy” -> “Advertising” and switch the “Limit Ad Tracking” to “on“.
To reset your Advertising ID on iOS, open settings, then “Privacy” -> “Advertising” and select “Reset Advertising Identifier“.
• Android
Open Google settings, select “Ads” and then “Reset advertising ID” and select “Opt out of interest-based ads“.
(E) CMP
For the processing of personal data that, subject to your consent, the Company and/or the third parties listed in the previous paragraph B may carry out through profiling cookies used on the Website of Origin, you can use the CMP on the Website of Origin and/or the other consent collection mechanism found therein to provide and, if necessary, withdraw consent by following the related instructions. Please note that Refine Direct S.r.l. is an IAB Framework registered vendor and, through the CMP compliant with the IAB Framework’s standard, you will always be able to make granular choices in terms of providing and/or withdraw consent already given.
9. PROCESSING METHODS, TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY AND DATA RETENTION PERIOD
As highlighted in the introduction of this privacy policy, the Company may collect and process some of your personal data through cookies and/or other tracking tools that it places directly on the Website of Origin. The Company acts as the “data controller” of these data, in accordance with the provisions of the Applicable Law. We will process the data collected only by electronic means, in a fully automated manner and without human intermediation. Therefore, our employees and partners will never access the content of the personal data obtained through cookies and/or other similar tracking tools, which means that they will never be able to access and/or have PII (Personally Identifiable Information), i.e. information which can identify you directly.
Some of our employees and partners, authorised to process personal data pursuant to art. 29 of the Regulation, may carry out maintenance work on the computer systems that host the data, without ever being able to access its actual content. Personal data may be stored on servers managed by third parties (e.g. suppliers of computer systems) or may be managed by parties specializing in online advertising, who act as data processors on the basis of a written appointment by the Company, pursuant to art. 28 of the Regulation.
We inform you that, in compliance with the requirements and guarantees established by the Regulation, your data may be transferred to countries outside the European Economic Area (EEA). Such countries may not offer a level of privacy protection and protection of personal data comparable to the level guaranteed by the Applicable Law; where the Company acts as data controller, it will take the utmost care of the security of the data and will therefore manage such transfers with all the appropriate precautions and safeguards in accordance with the Applicable Law and, in particular, in accordance with articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the Regulation. Specifically:
– for the provision of the Google’s services, the Company’s provider, Google Ireland Limited, may transfer the pseudonymous personal data of the Users of the Website of Origin outside the EEA, on the basis of the so-called Standard Contractual Clauses or of an Adequacy Decision: in particular, to the United States, the data will be transferred on the basis of the Data Privacy Framework certification that Google LLC has adopted (more information available at the following link). In view of the scope of the processing, the nature of the data processed, and the risks of the processing carried out by the supplier, the Company considered the security measures that the supplier guarantees to adopt to protect the personal data to be appropriate;
– for the provision of the Adform’s services, the Company’s provider, Adform A/S, may transfer the pseudonymous personal data of the Users of the Website of Origin outside the EEA, on the basis of the so-called Standard Contractual Clauses and, in particular, to the United States, taking additional measures to ensure that this is done in accordance with the Regulation itself.
Please note that some of the third parties indicated in paragraph 7 above – as independent data controllers – may process the personal data collected through the tracking tools installed on the Website of Origin from a location outside the European territory and, therefore, it is recommended that you read their privacy policies carefully for more details.
Moreover, we would like to point out the transfers carried out by Meta (more information here and here), the transfers made by TikTok (more information here and here) and the transfer made by Outbrain (more information here) with respect to the subsequent processing carried out by the latter as autonomous controllers after the initial collection as joint data controller with the Company.
Your personal data will not be communicated to third-party data controllers or disseminated.
Your personal data will be kept by the Company for the time considered strictly necessary to carry out the primary purposes described in this privacy policy, or as necessary for the protection in civil law of both your interests and those of the Company and, in any case, for no more than twenty-four (24) months. The User’s personal data collected on the Website of Origin, by means of Refine’s proprietary conversion tracking solution, are processed by the Company for the purpose of correct attribution of the conversion only for the time strictly necessary and, in any case, for no longer than 24 hours. Once the origin of a conversion has been attributed to a specific publisher, the User’s personal data are anonymized.
10. YOUR RIGHTS
To exercise your rights, or to obtain further information or explanations on this privacy policy, please contact the Company using the following methods:
• by sending a registered letter with return receipt to the registered office of the Company (Corso Buenos Aires 54, Milan);
• by sending an email to: richieste_privacy@refine.direct.
You can also contact the Data Protection Officer (DPO) of the Company, whose contact details are as follows: email address dpo@refine.direct.
Under the Applicable Law, Users have:
a. the right to withdraw their consent at any time, if the processing is based on their consent;
b. the right to access their personal data;
c. (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly-used and machine-readable format), the right to restrict the processing of personal data, the right to its rectification and the right to delete it (“right to be forgotten”);
d. the right to object:
i. in whole or in part, for legitimate reasons to the processing of personal data, even if pertinent to the collection purposes;
ii. in whole or in part, to the processing of personal data for the purpose of sending advertising material or direct sale, or for the purpose of market research or commercial communications;
e. if they consider that the processing of their personal data is in breach of the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which they usually reside, in the Member State in which they work or in the Member State in which the alleged infringement took place). The Italian Supervisory Authority is the “Garante per la protezione dei dati personali”, with registered offices in Piazza Venezia No. 11, 00187 – Rome (http://www.garanteprivacy.it/).
The Company is not responsible for the updating of all links that can be viewed in this privacy policy. Therefore, whenever a link is not functional and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to in these links.