Updated as of 2023-05-09
IAB Europe TCF
Bannerflow participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Bannerflow’s identification number within the framework is 273.
1. Processing activities covered
- Visit our websites (such as bannerflow.com);
- Visit our social media pages;
- Visit our office;
- Apply for a job at Bannerflow;
- Receive communications from us, including emails, phone calls, and texts,
- Use our cloud platform as a user (for example, as an employee of one of our customers who provided you with access to our services) where we act as a controller of your Personal Data; or
- Register for, attend or take part in our events, webinars, meetings or contests.
2. What Personal Data do we collect?
2.1 Personal Data we collect directly from you
The Personal Data we collect directly from you includes identifiers, professional or employment-related information, commercial information, visual information, and internet activity information. We collect such information in the following situations:
If you express an interest in obtaining additional information about our services (either through e-mail or the website chat tool); register to use our websites; sign up for an event, webinar or contest; or download certain content such as e-books, we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, email address or username and password;
If you interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data (please see the “What device and usage data we process” section, below) using cookies, web beacons, or similar technologies;
If you use and interact with our services, we automatically collect information about your device and your usage of our services through log files and other technologies, some of which may qualify as Personal Data (please see the “What device and usage data we process” section, below);
If you voluntarily submit certain information to our services, such as filling out a survey about your user experience, we collect the information you have provided as part of that request;
If you are talking to us through a digital meeting or a phone call, we log relevant information about such interaction and may in some cases also record the meeting;
We may use camera surveillance on our premises to maintain the safety of our employees, our customers and visitors, and to protect our property. Camera footage may be used to monitor activities and events, and may be saved as evidence in the event of crime or wrongdoing.
2.2 Personal Data we collect from other sources
We also collect information about you from other sources including third parties providing publicly available information. We may combine this information with Personal Data provided by you. This helps us update, expand, and analyze our records, and identify new customers. The Personal Data we collect from other sources includes identifiers, professional or employment-related information, education information, commercial information, visual information, internet activity information, and inferences about preferences and behaviors. In particular, we collect such Personal Data from the following sources:
Third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, IP addresses, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information; and another individual at your organization who may provide us with your business contact information for the purposes of obtaining services.
3. What device and usage data do we process?
We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our services, or interact with emails we have sent to you.
3.1 Device and usage data
When visiting our site, certain information is gathered automatically. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider, mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites. This information is used to analyze overall trends, help us provide and improve our websites, offer a tailored experience for website users, and secure and maintain our websites.
In addition, we gather certain information automatically as part of your use of our cloud products and services. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), device and application identification numbers, location, browser type, the pages and files viewed, website and time stamps associated with your usage. This information is used to provide necessary functionality, to improve performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for development of the services and to identify customer opportunities. Some of the device and usage data collected by the services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this device and usage data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers.
3.2 Cookies, web beacons and other tracking technologies on our website and in email communications
When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer-browsing preferences, and improve and customize your browsing experience.
We also use web beacons and pixels on our websites and in emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. We use these technologies to operate and improve our websites and marketing emails. For instructions on how to unsubscribe from our marketing emails, please see Section 9.3 below.
The following describes how we use different categories of cookies and similar technologies and your options for managing the data collection settings of these technologies:
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies. If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests. Because required cookies are essential to operate the websites, there is no option to opt out of these cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual. Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant communications, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.
3.4 Opting Out from cookies
3.5 Social Media Features
Our websites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). Social Media Features may allow you to post information about your activities on our website to outside platforms and social networks. Social Media Features may also allow you to like or highlight information we have posted on our website or our branded social media pages. Social Media Features are either hosted by each respective platform or hosted directly on our website. To the extent the Social Media Features are hosted by the platforms themselves, and you click through to these from our websites, the platform may receive information showing that you have visited our websites. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile. Your interactions with Social Media Features are governed by the privacy policies of the companies providing them.
4. Purposes for which we process Personal Data and the legal bases on which we rely
We collect and process your Personal Data for the following purposes. Where required by law, we obtain your consent to use and process your Personal Data for these purposes. Otherwise, we rely on another authorized legal basis (including but not limited to the (a) performance of a contract or (b) legitimate interest) to collect and process your Personal Data.
Handling contact and customer requests: If you have registered for an account with us, or if you contact us by other means including via a phone call, we process your Personal Data to perform our contract with you and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you;
Digital meetings: If you participate in a digital meeting with us (e.g. trainings or demos), we may in some cases record the meeting, either if you request us to or to pursue our legitimate interest in educating our staff. The Personal Data that is processed is the active speaker (voice and, if enabled, video, and the chat function). If you do not wish for us to record your image or voice in such a meeting you may opt out at any time by deactivating your microphone and camera;
Managing event registrations and attendance: We process your Personal Data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract with you;
Managing contests or promotions: If you register for a contest or promotion, we process your Personal Data to perform our contract with you. Some contests or promotions have additional rules containing information about how we will process your Personal Data;
Managing recruitment: If you apply for a job or get in touch with employees at Bannerflow, Personal Data will be registered with and processed by Bannerflow. The purpose of the processing is to handle the recruitment process in question and to use the data for future recruitments.
Managing payments: If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you;
Developing and improving our websites and services: We process your Personal Data to analyze trends and to track your usage of and interactions with our websites and services to the extent it is necessary for our legitimate interest in developing and improving our websites and services and providing our users with more relevant content and service offerings,
Assessing and improving user experience: We process device and usage data, which in some cases may be associated with your Personal Data, to analyze trends and assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving the service offering, or where we seek your valid consent;
Reviewing compliance with applicable usage terms: We process your Personal Data to review compliance with the applicable usage terms in our customer’s contract to the extent that it is in our legitimate interest to ensure adherence to the relevant terms;
Identifying customer opportunities: We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure that we are meeting the demands of our customers and their users’ experiences;
Displaying personalized advertisements (retargeting) and content: We process your Personal Data to conduct marketing research, advertise to you, provide personalized information about us on and off our websites and to create lookalike audiences and provide other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interest in advertising our websites or, where necessary, to the extent you have provided your prior consent.
Sending marketing communications: We will process your Personal Data or device and usage data, which in some cases may be associated with your Personal Data, to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us and our affiliates and partners, including information about our products, promotions or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent (please see the “Your rights relating to your Personal Data” section below);
Visiting our office: If you visit our premises, we process your Personal Data through non-biometrical camera- and sound surveillance for our legitimate interest in personal safety for employees and visitors, property protection and preservation of evidence; and
Complying with legal obligations: We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our websites, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, respond to lawful requests, or for auditing purposes.
If we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to perform our contract with you.
5. Who has access to your Personal Data?
We may share your Personal Data as follows:
Within Bannerflow: Bannerflow may receive your personal data as necessary for the processing purposes described above. Depending on the categories of personal data and the purposes for which the personal data has been collected, different internal departments within the Bannerflow may receive your personal data. For example, our IT department may have access to your account data, and our customer success and sales departments may have access to your account data or data relating to product orders. Moreover, other departments within Bannerflow may have access to certain personal data about you on a need to know basis, such as the legal department, the finance department, or internal auditing.
Service Providers: With our contracted service providers, who provide services such as IT and system administration and hosting, research and analytics, marketing, third-party social media networks, advertising networks and websites, customer support and data enrichment for the purposes and pursuant to the legal bases described above. If you attend an event or webinar organized by us, or download or access an asset on our website, we may share your Personal Data with sponsors of the event.
Customers where you may be employed or is affiliated to: If you use our services as an authorized user, we may share your Personal Data with your affiliated customer responsible for your access to the services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies;
Our professional advisers: In certain instances, professional advisers acting as service providers, processors, or joint controllers – including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services may gain access to your Personal Data and to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data;
For more information on the recipients of your Personal Data, please contact us by using the information in the “Contact” section, below.
6. International transfer of Personal Data
The personal data that we collect or receive about you may be transferred to and processed by recipients that are located inside or outside the European Economic Area (“EEA“). We will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we will base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us as set out below.
Our websites are not directed at children. We do not knowingly collect Personal Data from children under the age of 16 unless (a) we have obtained consent from a parent or guardian, (b) such collection is subject to a separate agreement with us or (c) the visit by a child under the age of 16 is unsolicited or incidental. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in the “Contacting us” section below and we will take steps to delete their Personal Data from our systems.
8. Retention of Personal Data
We may retain your Personal Data for a period of time consistent with the original purpose of collection (see the “Purposes for which we process Personal Data and the legal bases on which we rely” section, above) or as long as required to fulfill our legal obligations. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
We may retain your contact details and interests in our products or services for a longer period of time if Bannerflow is allowed to send you marketing materials. We may also retain your personal data after the termination of the contractual relationship to the extent necessary to comply with applicable laws or if we need your personal data to establish, exercise or defend a legal claim, on a need to know basis only. To the extent possible, we will restrict the processing of your personal data for such limited purposes after the termination of the contractual relationship.
For more information on data retention periods, please contact us by using the information in the “Contacting us” section, below.
9. Your rights in relation to Personal Data
9.1 Your rights
In certain circumstances (subject the conditions and exceptions in applicable law), you have the following data protection rights:
The right to access. You have the right to request information about the personal data we have on you and, if we do, to obtain a copy of that personal data.
The right of rectification. You have the right to have your personal data rectified if that personal data is inaccurate or incomplete.
The right to erasure. In certain circumstances, you have the right to request us to delete your personal data, e.g. such personal data would no longer be necessary to achieve the purposes for which it is kept.
The right to object. You have the right to object to our processing of your personal data. If you object to our processing of your personal data based on our legitimate interest, we will not continue to process the personal data unless we can demonstrate a legitimate ground for the processing which overrides your interest and rights or due to legal claims.
The right of restriction. You have the right to request that we restrict the processing of your personal data (i.e. personal data may under certain circumstances be blocked from normal processing but not erased).
The right to data portability. You have the right to be provided with a copy of the personal data we have on you in a structured, machine-readable and commonly used format. This only includes personal data you have submitted to us based on your consent or a contract, and may be further subject to conditions and exceptions in applicable law.
The right to withdraw consent. You have the right to withdraw your consent at any time where we relied on your consent to process your personal data. When you do so we might not be able to provide you with a service, specific content on our websites or similar based on the consent.
The right to object to direct marketing. You have the right to object to direct marketing, including profiling analysis carried out for direct marketing purposes. You may opt out of receiving any, or all, direct marketing communications from us, e.g. by following an unsubscribe link or instructions provided in any direct marketing email we send or by contacting us.
The right to request human intervention. If we have taken a decision about you based solely on automated processing that produces legal effects concerning you or similarly significantly affects you (automated decision making), you have the right to request “human intervention” from us.
You may always exercise your rights by contacting us, please see our further contact details below. Please note that we may ask you to verify your identity before responding to such requests.
You may contact us if you consider us to process your personal data in an incorrect way. You also have the right to complain to a supervisory authority (such as your local data protection authority within the EEA or the ICO if you are based in the UK) about our collection and use of your personal data.
9.2 Exercising your rights
To exercise your rights, please contact us by using the information in the “Contact us” section, below. Your personal data may be processed in responding to these rights. We try to respond to all legitimate requests as soon as possible, and no later than within one month unless otherwise required by law, and we will contact you if we need additional information from you to honor your request or verify your identity.
9.3 Your preferences for communication
If we process your Personal Data for the purpose of sending you marketing communications, you may manage your receipt of marketing and non-transactional communications from Bannerflow by clicking on the “unsubscribe” link located on the bottom of Bannerflow marketing emails, by replying or texting ‘STOP’ if you receive Bannerflow SMS communications, or by unsubscribing at this link. Of course, you can always let us know during a telephone call that you do not want to be called again for marketing purposes.
Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions or event registrations, service announcements or security information.
10. Securing your Personal Data
We take appropriate precautions including organizational, technical, and physical measures to help safeguard against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the Personal Data we process or use.
12. Contact us