MYNTELLIGENCE LIMITED: ONLINE PRIVACY STATEMENT
This is the privacy statement for Myntelligence Limited (Myntelligence, We or the Business). Myntelligence is a company incorporated in England and Wales with company number 08783401 with its registered office at 240-241 High Holborn, London, United Kingdom WC1V 7DN.
For the purpose of the Data Protection Act 1998 and the General Data Protection Regulation 16/679, the data controller is Myntelligence, which has ICO registration number ZA232670.
THE GENERAL DATA PROTECTION REGULATION 16/679
In this statement We have used certain terms which are set out in the EU’s General Data Protection Regulation (GDPR or the Regulation):
personal data means:
any information relating to an identified or identifiable natural person (data subject);
identifiable natural person means:
one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
What is the lawful reason We use to process personal data?
The two lawful reasons Myntelligence uses to process personal data are set out in Article 6 of the Regulation. Processing shall only be lawful if and to the extent that at least one of the following applies:
● the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 6(1) (a)) (Consent);
● processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Article 6(1) (f)) (Legitimate Interest).
Where We process personal data as a result of data subject consent, We ensure that consent is freely given, specific and informed, and established by a clear affirmative act.
Where consent is withdrawn, we have set out (below) how this may be undertaken by the data subject.
Where We process personal data as it is necessary for the purpose of our legitimate interests, We have done so on the basis of a balanced evaluation of our interests and the rights and freedoms of the data subject which require protection. We have concluded that the way We manage the processing of personal data results in a cumulation of data subject protections which show that the balance is in favour of Myntelligence being able to rely on Article 6.1(f) of the Regulation as a lawful reason to process personal data. Our analysis has focused on the following:
The nature and the source of the legitimate interest
Myntelligence participates in a supply chain where demand for its services comes from brand advertisers who respond to and in turn, generate consumer demand. Myntelligence offers brand advertisers access to data which isolates a class of data subjects for whom (potentially) the advertised goods or services are attractive. In principle, this is both legitimate and (as an economic and social norm) necessary.
The impact upon data subjects
(a) The nature of personal data being processed: Myntelligence does not process sensitive personal data nor personal data of a type requiring especial protection (such as the protection of a child). Its profiling activities do not result in automated decisions making (as explained below).
(b) The way the information has been processed: Myntelligence processes up to 24 benign data points which are treated through the Business’ use of a probabilistic approach that deploys privacy enhancing technology. This, in effect, erects a very high barrier to identification of the data subject and the consequent risks. The 24 parameters do not uniquely belong to only one device. For each combination of the 24 parameters, hundreds of thousands of identical devices exist.
(c) The reasonable expectations of the data subject: A data subject has the right to expect that their personal data is processed with respect for their fundamental rights and freedoms. This is enshrined in the Charter of Fundamental Rights. The Charter also recognizes that this is to be measured against other rights and a balance struck. As the Regulation sets out, processing (in this context, profiling) absent checks and balances is not consistent with a data subject’s right to privacy. For these reasons, Myntelligence accepts that personal data will not be processed without:
● offering the data subject transparency through a clearly articulated summary of what Myntelligence does at or before processing is undertaken, using Regulation-compliant privacy notices under the OBA Icon in addition to Regulation-compliant privacy notices on the advertisers’ Website (where the user may land if they click on the advertisement);
● the clear (and easily) right to opt out or qualify the processing undertaken, which is immediately accessible from the OBA Icon pop-up;
● limitations on use, retention, the security of its processing, and data subject recourse to Myntelligence by way of subject access requests and the attendant rights under Articles 15 to 22 of the Regulation.
Safeguards and Accountability
Privacy by Design and Default: Myntelligence has introduced privacy by design for the personal data which is processed by the Business, respecting all relevant facets of the Regulation. This is consistent with the accountability requirement under Articles 24 and 25, including recourse to the privacy enhancing technology which is highly protective. As an aside, please note, Myntelligence is ISO27001 certified.
Enhanced Transparency: The data subject will, through the use of the OBA Icon access to privacy notices making access to personal data consistent with the data subject rights set out in the Regulation.
The Unconditional Right to Opt Out: Myntelligence accepts that the data subject must have the right to opt-out without condition. This is consistent with the WP29 Guidelines and is used as a mechanism to enable the data subject to assert control.
The Use of Privacy Enhancing Technologies: Myntelligence uses pseudonymization technology which makes it impossible to isolate the data subject, nor identify personal data (within the cumulative data it aggregates).
Data minimisation: Personal data will be processed in accordance with specified purposes and subject to the principles set out in in Article 5 of the Regulation. Personal data that is collected before it is treated by Myntelligence’s privacy enhancing technology, will be deleted.
Securing personal data; recourse to the data subject: Myntelligence’s technology is so protective that upon data loss, its technology limits its facility for data subject identification (and notification) to many terminals or machines which match the broad demographic profiles it collects.
Your right to request that We stop processing personal data for our legitimate interests and withdrawal of your consent
As required by the Regulation, consent should be as easy to withdraw, as it is to give. Data subjects may request that Myntelligence does not process your personal data, at any time.
Data subjects can do this by going to the Myntelligence website at www.myntelligence.com/opt-out-tool
by adjusting your settings when you click upon the OBA icon which you find when you click on the advertisements of our clients, which in turn will lead you to a page where you can adjust the way in which your browser settings are configurated.
Our status; how We use personal data
● Generally, We act a processor of personal data for its clients, with whom it has signed a data processing agreement, which is compliant with the Regulation.
● Myntelligence is bound by the terms of this agreement which will require us to undertake analysis of the browsing of data subjects whose personal data has previously been provided to us, by our clients.
● It is often the case that our clients source their personal data as a result of the data subject’s consent or where the data subject has previously purchased goods or services from our clients.
● Where our clients do not provide Myntelligence with personal data and We are required to profile data subjects’ browsing habits where, for example, a data subject visits the Website of our clients, We act under the instructions of our clients, and subject to the terms of a data processing agreement.
● Myntelligence may act as a controller where Myntelligence undertakes profiling of data subjects and decides upon the purposes and means of the processing of personal data
● Where Myntelligence acts as a controller, any personal data We collect after profiling, is treated and managed according to the balanced approach We have set out above.
Why does Myntelligence need to collect and store personal data?
We collect and store personal data to provide our clients with the service they require (who in turn provide data subjects with data subjects with information which is timely and relevant and consistent with data subjects’ expectations with respect to their interests). We do not process personal data for any reason other than this purpose.
We only keep personal data for as long as is necessary in order to undertake this purpose. We are committed to ensuring that the information We collect and use is appropriate for this purpose, and does not constitute an invasion of the data subject’s privacy.
Will Myntelligence share my personal data with anyone else?
Myntelligence may pass your personal data on to third-party service providers contracted to Myntelligence. In these circumstances, the third party may be another controller, processor or sub-processor.
Where the third party is a processor or a sub-processor, they are obliged to keep your details securely, and to use them only to fulfil their contractual obligations to Myntelligence. When they no longer need your personal data to fulfil this service, they will dispose of the details in line with Myntelligence’s data retention policy.
How will Myntelligence use the personal data it collects about me?
Myntelligence will process personal data in a manner compatible with the Regulation. We will keep information accurate, up to date, and not keep it for longer than is necessary. Myntelligence is required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Under what circumstances will Myntelligence contact me?
The personal data We process is subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure.
We will get in touch with you where this is required under the Regulation.
Can I find out the personal data that the organisation holds about me?
At your request and where this is technically possible, Myntelligence will confirm the information We hold about you and how it is processed. As set out in the Regulation you can request the following information:
● Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU;
● Contact details of the data protection officer, where applicable;
● The purpose of the processing as Well as the legal basis for processing;
● If the processing is based on the legitimate interests of Myntelligence or a third party, information about those interests;
● The categories of personal data collected, stored and processed;
● Recipient(s) or categories of recipients that the data is/will be disclosed to;
● If We intend to transfer the personal data to a third country or international organisation, information about how We ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, We will ensure there are specific measures in place to secure your information;
● How long the data will be stored;
● Details of your rights to correct, erase, restrict or object to such processing;
● Information about your right to withdraw consent at any time;
● How to lodge a complaint with the supervisory authority;
● Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as Well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data;
● The source of personal data if it wasn’t collected directly from you;
● Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as Well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
Myntelligence accepts the following forms of ID when information on your personal data is requested: passport, driving licence, birth certificate, utility bill from the previous 3 months.
|Contact Name:||Luca Censoni|
|Address:||240-241 High Holborn, London WC1V 7DN, United Kingdom|
|Telephone:||+44 (0) 2074301151|
strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website;
analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily;
functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region);
targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about first party cookies we use and the purposes for which we use them in the table below:
|Mynfpid + “cookie id”||Profiling first party cookie|
|_gat||Google Analytics Tracking||https://www.google.com/intl/en-GB/policies/privacy/|
|wordfence_verified Human||Site Security||https://docs.wordfence.com/en/Wordfence_options|
|_ga||Google Analytics Tracking||https://www.google.com/intl/en-GB/policies/privacy/|
You block third parties cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
In addition to cookies, we collect non-personally identifiable information automatically when you visit the site via other identifiers, including digital fingerprinting methods. You can find more information about the other identifiers we use and the purposes for which we use them in the table below:
|Mynfpid + “cookie id”||Profiling first party fingerprint|
You block the other identifiers by [clicking here] and following the instructions provided.
In general, “opting-out” means that you want Myntelligence to limit the information it collects and stores about your computer or device and to not target ads that are based on your interests to your browser or device. Your opt-out is only applicable to Myntelligence Platform and does not opt you out from platforms provided by third party companies. If you use multiple browsers, computers or mobile devices, and wish to limit the information Myntelligence collects and stores or do not wish to receive Myntelligence interest-based advertising on any of them, you must opt out from each browser, computer, and mobile device individually. Please note that if cookies are not enabled in your browser, or if you use certain ad-blocking tools, our opt-out mechanism may not work properly. Please also note that deleting your cookies does not opt you out.
When you opt-out, we record the opt-out on our servers and in browser environments we will attempt to place an HTTP opt-out cookie onto your browser or device. When you opt-out, Myntelligence will collect and store information from your computer or device only as needed to honour your opt-out and for limited research and development purposes to improve our browser- and device-recognition technology, which also helps to improve our ability to honour your opt-out. When you opt-out, Myntelligence also stops targeting interest-based advertising to that browser. In many instances, even if you delete your cookies, we are able to maintain a record of your opt-out on our servers. Nonetheless, please note that if you clear your cookies, or if you use a different browser or device, you may need to renew your opt-out choice.