(Last updated 28-12-2020)
1. Our commitment to privacy
2. Who we are
We are iClick Interactive Asia Group Limited (“iClick Interactive”). Our registered office address is 15/F Prosperity Millennia Plaza, 663 King’s Road, Quarry Bay, Hong Kong. Our company number is 852 3700 9000. For any data privacy or data protection related issues, we can be contacted at email@example.com
In accordance with the GDPR, we have appointed a Data Protection Officer, whose contact details are the following:
Vincent Potier c/o iClick Interactive Asia Group Limited
15/F Prosperity Millennia Plaza, 663 King’s Road, Quarry Bay, Hong Kong
3. Data collection
The data we collect about you depends on the Services that you use and how you use them, and it also depends on your relationship with iClick: if you are a user, a business partner, a prospect, an employee etc.
3.1. End-user data
iClick is a company operating in the field of marketing and advertising technology. We provide digital advertising and analytics services for the benefit of our business customers, giving them the ability to reach users who are most likely to be interested in the products and services of the clients we work for. Programmatic marketing is booming in China. Our proprietary platform, which boasts cross-channel and cross-screen capabilities, transforms data into insight, action and performance. We collect data from more than 750 million users in China, we use the data collected and processed to inform audience targeting and generation of insights about Chinese consumers, we let our clients use our SaaS platform or we run campaigns on behalf of our clients.
For Europe-based users:
iClick does not target users in the UK and the EU/EEA and it is not our intention to process the personal data of users located there. In order for us to process your data, you will normally have consented and accepted to data processing and accepting cookies or similar technologies from one of the publishers that we collect data from. So, it is possible that when visiting Chinese language websites, you may have consented to data processing or accepted cookies which might lead to us processing your data even if you are located outside of China. On the other hand, we will target Chinese travellers when visiting Europe with advertising campaigns ran on behalf of our clients. Remember you can change your preferences at any time and you can also exercise your rights by writing to firstname.lastname@example.org
iClick relies upon consent as a legal basis for most data we process. Still we believe we have a legitimate interest to collect and process personal data for the following purposes:
• Understanding whether users have made purchases after having seen ads (view-through measurement)
• Counting the number of times users who have seen ads have proceeded to buy a product or service (conversion tracking); this is necessary to understand the overall return on investment of that ad
• Understanding browsing behaviours of aggregated users
• Ensuring ads are not shown to the same users more than a certain number of times (frequency capping)
• Counting the number of times ads have been seen (frequency measurement)
• Counting the number of times ads seen have been clicked on (click count); needed to understand which creative formats generate interest and engagement as we always want to serve relevant ads
• Understanding if ads are seen by users (view-ability measurement): this is needed to optimize advertising investment
• Checking for fraudulent behaviour (e.g. many clicks from the same IP address or other unusual patterns).
3.2 Business contacts data
If you are a business contact, a business partner, a client, an agency, a publisher, a data provider, a prospect etc. we may hold some personal data about you. We will need that data in order to communicate, invoice, manage contracts and products and services we offer to you. That data we have collected may take many forms, i.e. name, email address, billing address, office address, phone numbers, title, employer etc. We would only hold this information because you have shared that information with us; it may be because you are a client (and we had to invoice you, offer our services to you etc.) or you may be a prospect and we would have obtained that information from exchanging emails or business cards, or during meetings or events etc.
For UK and EU users:
Under the current law, we would not have to obtain consent in order to keep that data as we require this data in order to manage our contract with your organization, or the data processing is necessary for our legitimate interests in marketing our services or evaluating new services and supplies. Still you can exercise your data subjects’ rights of that personal data and contact us at email@example.com
Our retention policy for this data is as follows, ie we will delete your data:
• Three years after the last contact
• Five years after the end of the contractual relationship
3.3. Employee data
If you are an employee of iClick Interactive, we suggest you refer to our updated HR policy and our employee handbook. If you are applying for a position with iClick, we will provide the relevant data processing information in a separate candidate’s privacy notice.
For UK and EU employees:
Please refer to your European HR handbook.
4. Types of data we collect and process
iClick collects data via identifiers such as cookies (web) placed on your devices through partners’ websites or apps or device IDs (mobile). In general, the sources of data can be cookies, device IDs, IP addresses, URLs visited, statistical, demographic and behavioural information etc. collected throughout your browsing activity on our publisher partners or campaign data (ads seen by each individual user, engagement with those ads, clicks etc.). As iClick adheres to the most stringent security standards, the data we collect and process is encrypted and pseudonymized.
iClick does not collect any information such as email, address, phone number, credit card information etc. The cookie and device ID data we hold about you is not data which allows us to know you. We do not process any data in such a way that it could be used, including through a third party, to establish the identity of a user.
5. Confidentiality of use of data
iClick collects information in order for iClick to provide its services to our clients (based on our agreements with them). iClick will treat all information collected as confidential. Clients’ limited license to iClick includes, but is not limited to the right to collect all information of users visiting our clients’ websites, either directly or through other means, such as the use of redirects and 1-by-1 pixels. iClick will not disclose any information collected from a client to any third party unless such disclosure is (i) approved by client, who in turn has obtained the approval of their users, or, where this is permitted by applicable laws, who has not opted out of the right to distribute their information, or (ii) is made by iClick in response to an order by a competent court of law, and provided that iClick has given client reasonable notice of such order, and an opportunity to object, or (iii) supported by a Non-Disclosure Agreement which enable iClick to co-operate with third party for data analytics purpose. iClick may improve and promote its service offerings, aggregate the information collected from clients with other data so that it is non-personally identifiable with respect to both clients and users to clients’ website(s).
For UK and EU users:
We provide data to other companies in our corporate group and technical service providers based outside the UK and the EU/EEA that require access to data in order to assist us in providing our services. In particular, we work with reputable external organizations (such as ad exchanges, measurement and verification services), to which we provide certain data which may include personal data, in order to provide our technology platform and services, on the basis of detailed written agreements requiring among other things compliance with applicable laws and security standards.
If any governmental body, law enforcement agency, or regulatory authority requested data from us, then we would normally comply with such request without having to notify you or other users.
Cookies are used to help your browser navigate the website and make full use of all its functionalities, such as identifiers, preferences, linguistic parameters, themes, among other common functionalities. In no case will the iClick cookie allow access to the information contained on a computer hard drive or to identify it by name.
Cookies come in different types:
– Session cookies which make it easier for you to navigate on websites; they expire when you close your browser
– Persistent cookies which enable us to track and target interests of users to improve the user experience on publishers’ websites; persistent cookies do not expire when you close your browser; they stay for a certain period of time in order to recognize user identifiers and serve relevant ads to them.
– Advertising cookies which allow us to track identifiers and serve relevant ads on the Internet
7. Opt-out of cookies (for UK and EU users)
If you no longer wish to receive ads served by iClick, you can manage your choices by using:
Important: when you choose to opt out from receiving cookies, a cookie will still be set in your browser. This is only by maintaining a cookie in your browser that we will be able to recognize you have made the choice of opting out of cookies.
Web: You can configure your web browser to remove cookies by following the directions provided in your browser’s “help” section.
Mobile: You can opt out from receiving targeted advertising based on data collected via applications on mobile devices by following the instructions from the device maker, e.g. (at the time this Notice was published):
• Android: Open the Google Settings app > Ads
• iOS 7 or higher: Choose Settings > Privacy > Advertising
• iOS 6: Choose Settings > General > About > Advertising
8. Data subjects’s rights (for UK and EU users)
Applicable data processing laws grant users various rights including in the EU/EEA:
• The right to be informed
• The right of access
• The right of rectification
• The right to erasure
• The right to restrict processing
• The right to data portability• The right to object
• The right not to be subject to automated decision-making
If you are a UK or EU/EEA user and want to exercise your rights, you can contact us at firstname.lastname@example.org
Where we process any data based on your consent, then you are always allowed to withdraw that consent at any time by contacting us (though the processing that took place before withdrawal will still be legal).
We are committed to resolving with you any issues or doubts you may have in relation to processing of your data. If you believe that your rights have not been respected at any time, then you may also have a right to complain to the Supervisory Authority in your country (also known as Data Protection Authorities) to ask them for a resolution.
9. What does iClick do with your data?
iClick collects data in order to run its audience targeting platform, run managed service campaigns on behalf of its clients, or generate insights and analytics. We will use the collected data to make decisions or buy, track, or report on ads served (impressions) via ad exchanges. We may also share performance data (i.e. relating to view-ability of the ad, clicks…and any conversions) with advertisers or/and their agencies. During this process, we may overlay third-party data collected from third-party data providers to enhance our decision making. Data also helps our advertiser clients to serve ads more relevant to users, therefore enhancing the return on investment and making ads more meaningful. In compliance with the best industry standards, we also use IP addresses for purposes such as fraud detection to help alert us to situations which could not have been caused by human behaviour, such as a massive amount of clicking in a limited period of time.
We do not process any information or combine with information obtained through third parties in order to determine the identity of users. iClick won’t process any personally identifiable information, will not know your identity, your name or your email address. iClick do not process special categories of data (such as your religion, your political opinions, your health etc.) (see section 12 below)
10. How long does iClick keep your data?
iClick hold your personal data according to the highest security and encryption standards, and we only do so for as long as necessary to run our business. We have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. As soon as reasonably practicable, once service to a client has been completed, all information identifiable to a user, collected by us, for that service, shall be properly and securely destroyed and permanently deleted from our systems.
For UK and EU users:
We delete all cookie IDs and device IDs after 6 months and campaign data (impressions, clicks, CTRs etc.) after 24 months.
11. Data transfers (for UK and EU users)
The marketing and advertising technology ecosystem is a complex and global one. Because of their nature, data sets know no frontiers. In order to operate our business efficiently, we have to transfer data to our key partners, suppliers, clients, some of which have servers located in different parts of the world. As noted, it is not our intention to collect personal data relating to UK and EU/EEA users. If our services required a data transfer from the UK or the EU/EEA to our systems located elsewhere, then this would only be undertaken in accordance with applicable laws and using appropriate safeguards (such as model contract clauses).
With the United Kingdom leaving the European Union, we might have to transfer personal data from the UK to the European Union and the EEA. For transfers from the European Union or the EEA to the United Kingdom, we will rely on the standard contractual clauses. When our services involve the storage and/or processing of Personal Data involving transfers of personal Data out of the European Economic Area or the UK to a jurisdiction that is not the object of an EU “adequacy” decision, then we will also rely on the standard contractual clauses. When we transfer data to countries where we or our partners, processors, sub-processors maintain facilities, we will only do so as long as those partners, processors and sub-processors transfer data via a valid legal mechanism such as the standard contractual clauses.
12. Personal sensitive data
We do not process any sensitive or special categories of data such as racial, religious data etc.
For UK and EU users:
Under the GDPR, special categories of personal data is any personal data revealing racial or ethnic origin, political opinions, religious and philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation. We do not process any special categories of personal data.
13. Children’s data
iClick strives not to collect any children’s data. If you are a parent/guardian and you believe that iClick may be processing data from someone that you have parental responsibility for, please contact us at email@example.com