CONVERGE-DIGITAL GDPR POLICY
Converge Digital participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Converge Digital’s identification number within the framework is 248.
TYPES OF DATA COLLECTED BY CONVERGE-DIGITAL
In order to deliver digital advertising to browsers and devices around the globe, the Converge-Digital Platform is designed to receive and transmit certain types of data, that collectively we call “Platform Data.” Platform Data is defined as data generated through the Platform.
This data includes information about browsers and devices, for example:
- The brand of browser (Chrome, Firefox, Opera)
- The operating system (iOS, Windows)
- Information about other pseudonymous identifiers associated to the device, such as Apple’s Identifier for Advertisers (IDFA) and Google’s Advertising ID for Android devices (GAID)
- The IP address from the device or browser that initiates an ad request
- The geographic location of the device or browser that initiates the ad request
The data the Platform collects from browsers and devices may also be referred to as “HTTP header data”. Data contained in the HTTP header, (such as IP Address) is required in order to deliver an ad to a device or browser.
The Converge-Digital Platform does not allow any data to be passed that has the potential to identify a natural person, such as name, address, phone number, or email address. Converge-Digital does not under allow data that directly identifies an individual in this way to be collected through or used on the Platform. We contractually prohibit our clients from passing data of this nature in connection with their use of our Platform.
DOES THE DATA CONVERGE-DIGITAL COLLECTS QUALIFY AS “PERSONAL DATA” UNDER THE GDPR?
The GDPR now includes “unique identifiers” within the scope of personal data when combined with certain types of information (including the information that we and other ad tech companies typically collect). This unique identifier is a sequence of numbers or numbers and letters used as a label that identifies a particular device or browser.
Converge-Digital assigns a unique identifier (e.g., UUID1234) to every device or browser that interacts with the Platform. While Converge-Digital cannot identify which individual (or individuals) are using the device or browser in the real world, this unique identifier, combined with the IP Address, is now defined as “personal data”.
This type of personal data that we collect, represented by unique identifiers, is referred to in the GDPR as “pseudonymized data”. The GDPR explicitly recognizes “pseudonymization” as good practice in protecting the interests of individuals, precisely because this practice makes it difficult, and nigh on impossible, to recognize who users are “in the real world”.
Converge-Digital is a joint controller with respect to any personal data collected or received by us when receiving an ad call to supply inventory to a publisher’s web page. This is due to the fact that data related to ad requests is tied to our Platform’s unique ID for the device or browser. Those unique IDs are used by our Platform for frequency capping and day-parting across browsers and apps of our publisher partners to ensure that advertisers using our Platform are not showing the same ad repeatedly to the same device or browser on the same day or at times the advertiser does not want to show its ad to that device or browser.
We have reached the conclusion that we are a joint controller in relation to this data because we need to honour frequency caps for our Advertisers. We believe that, pursuant to the text of the GDPR and the existing EU guidance, this makes us a controller of the data with respect to that purpose.
LEGAL BASIS FOR PROCESSING PERSONAL DATA UNDER THE GDPR
In order to collect, use, store, pass on, etc. (known as “process”) personal data, a data controller must have a legal right (known as a “legal basis”) to use the data.
LEGAL BASIS RELIED ON BY CONVERGE-DIGITAL
Where Converge-Digital operates as a data controller, we rely on legitimate interests to process personal data on our Platform for security purposes, to decide which buyer (and which creative) wins an auction to purchase advertising inventory, and to optimize the real-time sale of inventory.
All personal data used by Converge-Digital is pseudonymous data.