End user privacy policy

Effective date: May 25, 2018
Last updated: May 21, 2018


This doc­u­ment pro­vides in­for­ma­tion about our track­ing and dig­i­tal ad­ver­tis­ing tech­nol­ogy plat­form. The in­ten­tion of this doc­u­ment is to pro­vide you trans­par­ent in­for­ma­tion how the Voluum plat­form runs and how the data is processed, col­lected, and stored in the plat­form. We re­al­ize that some tech­ni­cal terms might sound com­pli­cated to you, so this doc­u­ment pre­sents those terms in sim­ple words as well as ex­plains what the goal of data pro­cess­ing is.

Aleph is firmly com­mit­ted to pro­tect­ing the pri­vacy of In­ter­net’s users and fos­ter­ing users’ con­fi­dence in on­line ad­ver­tis­ing and mar­ket­ing. Ac­cord­ingly, we are com­mit­ted to ob­serv­ing ap­plic­a­ble in­dus­try guide­lines in­clud­ing those es­tab­lished by the In­ter­ac­tive Ad­ver­tis­ing Bu­reau and the Gen­eral Data Pro­tec­tion Reg­u­la­tion (“GDPR”) by the Eu­ro­pean Union. We con­tinue to eval­u­ate en­hanced ways to pro­tect In­ter­net users’ pri­vacy while seek­ing to de­liver rel­e­vant ad­ver­tis­ing and cus­tom on­line ex­pe­ri­ences to those users on be­half of our cus­tomers.

This doc­u­ment out­lines Ale­ph’s End User Pol­icy and pro­vides you clear no­tice about the user’s in­for­ma­tion we may col­lect and process on­line in con­nec­tion with our ser­vices.

Our cus­tomers use our to ex­e­cute dig­i­tal ad­ver­tis­ing cam­paigns and our track­ing tech­nol­ogy to mon­i­tor, an­a­lyze, and op­ti­mize the re­sults of dig­i­tal ad­ver­tis­ing cam­paigns. Such op­er­a­tions re­sult in you hav­ing in­di­rect (when ad­ver­tise­ments are dis­played within sites and apps) and di­rect (when you click any of those ad­ver­tise­ments) in­ter­ac­tions with our servers.

I. Glossary

Ap­plic­a­ble laws: All the laws and reg­u­la­tions rel­e­vant to the col­lec­tion, pro­cess­ing, and stor­age of data, es­pe­cially all the­data pro­tec­tion laws and the Gen­eral Data Pro­tec­tion Reg­u­la­tion (EU) 2016/​​679 (GDPR).

Ad ex­change: This is a plat­form where peo­ple who can of­fer un­sold ad place­ments meet peo­ple who want to buy those place­ments for their on­line ad­ver­tise­ments. You can think about it as a dig­i­tal mar­ket­place with a sort of an auc­tion called real-time bid­ding. How­ever, a buyer can be any­body in­clud­ing other ad ex­changes or plat­forms that sale ad­ver­tise­ments to other com­pa­nies / buy­ers.

Ad server: By and large, a server where ad­ver­tise­ments are stored, man­aged, and de­liv­ered to you as a web­site end user. It might also pro­vide a re­port­ing mod­ule to check how the ad­ver­tise­ments per­form.

Cookie: They are small text files stored lo­cally by a web­site or ad server. By stor­ing cer­tain in­for­ma­tion in a cookie, those web browsers or ad servers are able to re­mem­ber your pref­er­ences and rec­og­nize web­sites vis­ited and / or web browser used from one visit to an­other. To learn more about cook­ies and how to dis­able them, visit http://​​www.al­labout­cook­ies.org.

Do­main name: It is a char­ac­ter string that helps you to eas­ily go to a web­site with­out the ne­ces­sity of re­mem­ber­ing IP ad­dresses. A do­main name must be unique for all do­main names avail­able on the In­ter­net. It al­lows you to nav­i­gate to a web­site and dis­cover an on­line ad­ver­tise­ment.

Do Not Track (DNT): This is an op­tion of the web browser that sends a re­quest to a web ap­pli­ca­tion to dis­able track­ing of an in­di­vid­ual user.

End user (vis­i­tor): This is a user of an In­ter­net con­nected de­vice, such as a vis­i­tor to a web­site, a user of a mo­bile app, or a user of an IoT de­vice, or a vis­i­tor on an ad­ver­tise­ment, land­ing page, or cam­paign.

Ge­o­graphic lo­ca­tion: This is a piece of in­for­ma­tion where you are lo­cated based on an IP ad­dress. Pre­cisely, this is a lo­ca­tion of your de­vice that is con­nected to the In­ter­net and based on that we are able to de­fine a coun­try, re­gion, city, and In­ter­net Ser­vice Provider (ISP) your de­vice is con­nected to.

HTTP re­quest header: The re­quest header of Hy­per­Text Trans­fer Pro­to­col. The HTTP pro­to­col is used all around the world. Al­most all con­tent that shows up in the browser you see is trans­mit­ted to your com­puter (or other de­vice con­nected to the In­ter­net) over HTTP. For ex­am­ple, when you opened this pol­icy in the browser, many HTTP re­quests have been sent. Each re­quest con­tains an HTTP header in which there is in­for­ma­tion about the browser you use, the re­quested page, the server and much more.

HTTP re­quest pa­ra­me­ters: The re­quest pa­ra­me­ters of Hy­per­Text Trans­fer Pro­to­col are ad­di­tional pieces of in­for­ma­tion trans­mit­ted from one de­vice to the other that you might see in the ad­dress bar of your browser. They are in the form of name=value pairs sep­a­rated from the URL by a ?. There might be more than one name=value pair, where each of them are sep­a­rated by an &.

IP ad­dress: An In­ter­net Pro­to­col (IP) ad­dress is a set of num­bers that each de­vice has as­signed to con­nect with other de­vice over the In­ter­net net­work. The IP ad­dress al­lows ad­dress­ing and de­liv­er­ing the in­for­ma­tion to the right re­ceiver. Every time a piece of in­for­ma­tion is sent, a de­vice needs to com­mu­ni­cate with other de­vices in a com­puter net­work to be able to de­liver the mes­sage. Send­ing in­for­ma­tion in that con­text means every kind of ac­tiv­ity such as surf­ing, ex­chang­ing emails, or down­load­ing an ap­pli­ca­tion. The IP ad­dress is used to iden­tify the de­vice to which the mes­sage is sup­posed to be sent and find the best way to de­liver it.

Per­sonal in­for­ma­tion / per­sonal data: Any in­for­ma­tion re­lat­ing to an iden­ti­fied or iden­ti­fi­able per­son as de­fined in ar­ti­cle 4.1 of GDPR.

Pro­cess­ing: Any op­er­a­tion or set of op­er­a­tions which is per­formed upon per­sonal data, whether or not by au­to­matic means, such as col­lec­tion, record­ing, or­ga­ni­za­tion, stor­age, adap­ta­tion or al­ter­ation, re­trieval, con­sul­ta­tion, use, dis­clo­sure by trans­mis­sion, dis­sem­i­na­tion or oth­er­wise mak­ing avail­able, align­ment or com­bi­na­tion, block­ing, era­sure or de­struc­tion (process, processes and processed shall have the same mean­ing).

Real-time bid­ding: Voluum cus­tomers who gain ac­cess to the Voluum DSP area are able to bid in real time to get the op­por­tu­nity of show­ing an on­line ad­ver­tise­ment of­fered by a cer­tain ad ex­change. The win­ner of the auc­tion is treated as the best can­di­date from the Voluum DSP side to be able to dis­play the ad­ver­tise­ment on a web­site.

Re­fer­rer do­main: In sim­ple words, this is the ad­dress of a web­site that led you, as a vis­i­tor, to an­other page.

Re­tar­get­ing: A strat­egy of on­line tar­geted ad­ver­tis­ing when in­for­ma­tion is gath­ered to ad­dress vis­i­tor’s pref­er­ences based on their pre­vi­ous ac­tions / choices. When you, as a vis­i­tor, go to one sort of web­sites, for ex­am­ple be­cause you are look­ing for a pair of glasses, then the ad­ver­tise­ment is dis­played in front of you with glasses that you might pos­si­bly like.

Re­quest time: This is the time when a query to the Voluum data­base is sent. Every time when you click an ad­ver­tise­ment, the query re­quest is made, so the Voluum plat­form is able to store the in­for­ma­tion about the visit.

User agent: In­for­ma­tion about a de­vice, op­er­at­ing sys­tem, web browser is be­ing used to ac­cess a web­site.

You (vis­i­tor): A per­son who can visit dig­i­tal ad­ver­tis­ing cam­paigns on the In­ter­net.

II. What Kind of Data Do We Collect and For What Purposes?

In or­der to per­form our ser­vices, we are in­tent on col­lect­ing and pro­cess­ing cer­tain in­for­ma­tion about you and your de­vice. Some of this in­for­ma­tion (in­clud­ing, for ex­am­ple, your IP ad­dresses and cer­tain unique de­vice iden­ti­fiers) may iden­tify a par­tic­u­lar com­puter or de­vice and be con­sid­ered as per­sonal data in some ju­ris­dic­tions, in­clud­ing the Eu­ro­pean Union. This kind of data en­ables us to pro­vide ag­gre­gated re­port­ing and analy­sis of the per­for­mance of our cus­tomer’s ad­ver­tis­ing cam­paigns.

Plat­form does not col­lect any data which by it­self iden­ti­fies an in­di­vid­ual such as a name, ad­dress, phone num­ber, email ad­dress.

We also do not col­lect any “sen­si­tive” or “spe­cial cat­e­gories of per­sonal data” as de­fined un­der the Eu­ro­pean data pro­tec­tion laws as well as per­sonal data of chil­dren.

Sync cookie: This is a unique num­ber that will be as­signed to you as a vis­i­tor when an ad­ver­tise­ment shows up in a web­site for the first time. The cookie stores the in­for­ma­tion to in­form us that you have seen a cer­tain set of ad­ver­tise­ments be­fore, so we may vary them not to over­load you with the same con­tent all the time. Shortly, it en­hances the ad­ver­tise­ment se­lec­tion. It ex­pires af­ter 30 days.

Opt-out cookie: This a cookie that is used for the opt-out op­tion for Voluum DSP. It gives us in­for­ma­tion that you do not want to be tracked with desk­top and mo­bile en­vi­ron­ments. It ex­pires af­ter at least 2 years.

III. For What Purposes We Use End User Data?

The data col­lected and stored in the Voluum plat­form is used to in­crease the ad rel­e­vance and ad­just the ad dis­play to the chang­ing needs of the ad vis­i­tor. Par­tic­u­larly, the Voluum data is used for:

  • Cross-De­vice Match­ing
  • To iden­tify to how many de­vices a vis­i­tor is as­so­ci­ated with to cut off ad dis­play rep­e­ti­tions.
  • Fraud De­tec­tion
  • To mon­i­tor the qual­ity of traf­fic for our cus­tomers and black­list those sources that gen­er­ate fake vis­its / clicks.
  • Fre­quency Cap­ping
  • To limit the num­ber of times a vis­i­tor is ex­posed to a sin­gle ad­ver­tise­ment.
  • Re­port­ing, Analy­sis, and Op­ti­miza­tion