This is the privacy statement for Myntelligence Limited (Myntelligence or We). Myntelligence is a company incorporated in England and Wales with company number 08783401 with its registered office at 14 Grays Inn Road, London, WC1X 8HN, United Kingdom.
For the purpose of the Data Protection Act 1998 and the General Data Protection Regulation 16/679, the data controller is Myntelligence, which has ICO registration number ZA232670.
The effective date of this Privacy Statement is 1st May 2018.
In this statement We have used certain terms which are set out in the EU’s General Data Protection Regulation (GDPR or the Regulation):
Overview and industry membership
Myntelligence wants digital advertising to be a useful complement to your online experience. We want to deliver personalized, well-chosen ads to help you discover things that interest you, new websites, new products, new services
Myntelligence uses complex technology to pick the best ads to show, based on everything We know about the context: the ad itself, the page that needs an ad, the time of day and other external factors, and information from your browser or mobile device digital advertising identifier that We use to predict what advertising would be most relevant and interesting to you.
If We can make ads more useful and interesting for you, then We’ll also make advertising more valuable to advertisers, and your visits will make websites more money per ad, and power their investments in the websites, apps, online features and content that they provide to you for free.
Myntelligence is a member of the European Digital Advertising Alliance (EDAA) and complies with the cross-industry Self-Regulatory Program for Online Behavioural Advertising as managed by EDAA. As part of compliance with the Self-Regulatory Program, Myntelligence is licensed and certified to deploy the OBA Icon. Myntelligence also complies with the Good Practice Principles for Online Behavioural Advertising as managed by the Internet Advertising Bureau (IAB). You can learn more about such program and principles by visiting the relevant websites at http://www.edaa.eu/ and https://www.iab.com/guidelines/.
What is the lawful reason We use to process personal data?
The two lawful reasons Myntelligence uses to process personal data are set out in Article 6 of the Regulation. Processing shall only be lawful if and to the extent that at least one of the following applies:
Where We process personal data as a result of data subject Consent, We ensure that Consent is freely given, specific and informed, and established by a clear affirmative act.
Where Consent is withdrawn, we have set out (below) how this may be undertaken by the data subject.
Where We process personal data as it is necessary for the purpose of our Legitimate Interests, We have done so on the basis of a balanced evaluation of our interests and the rights and freedoms of the data subject which require protection. We have concluded that the way We manage the processing of personal data results in a cumulation of data subject protections which show that the balance is in favour of Myntelligence being able to rely on Article 6.1(f) of the Regulation as a lawful reason to process personal data. Our analysis has focused on the following:
The nature and the source of the Legitimate Interest
Myntelligence participates in a supply chain where demand for its services comes from brand advertisers who respond to and in turn, generate consumer demand. Myntelligence offers brand advertisers access to data which isolates a class of data subjects for whom (potentially) the advertised goods or services are attractive. In principle, this is both legitimate and (as an economic and social norm) necessary.
The impact upon data subjects
The nature of personal data being processed: Myntelligence does not process sensitive personal data nor personal data of a type requiring especial protection (such as the protection of a child). Its profiling activities do not result in automated decisions making (as explained below).
The way the information has been processed: Myntelligence processes up to 24 benign data points which are treated through our use of a probabilistic approach that deploys privacy enhancing technology. This, in effect, erects a very high barrier to identification of the data subject and the consequent risks. The 24 parameters do not uniquely belong to only one device and provide inferences about the consumer’s activity on the relevant site such as the page viewed or the advertising they clicked on thereby allowing Myntelligence through the use of an algorithm to undertake broad inferences about age, gender, vertical preferences and purchase intentions, otherwise known as shared data. For each combination of the 24 parameters, hundreds of thousands of identical devices exist.
The reasonable expectations of the data subject: a data subject has the right to expect that their personal data is processed with respect for their fundamental rights and freedoms. This is enshrined in the Charter of Fundamental Rights. The Charter also recognizes that this is to be measured against other rights and a balance struck. As the Regulation sets out, processing (in this context, profiling) absent checks and balances is not consistent with a data subject’s right to privacy. For these reasons, Myntelligence accepts that personal data will not be processed without:
Safeguards and accountability
Privacy by design and default: We have introduced privacy by design for the personal data which is processed by Myntelligence, respecting all relevant facets of the Regulation. This is consistent with the accountability requirement under Articles 24 and 25, including recourse to the privacy enhancing technology which is highly protective. As an aside, please note, Myntelligence is ISO27001 certified.
Enhanced transparency: the data subject will, through the use of the OBA Icon access to privacy notices making access to personal data consistent with the data subject rights set out in the Regulation.
The unconditional right to opt-out: Myntelligence accepts that the data subject must have the right to opt-out without condition. This is consistent with the WP29 Guidelines and is used as a mechanism to enable the data subject to assert control.
The use of privacy enhancing technologies: Myntelligence uses pseudonymization technology which makes it impossible to isolate the data subject, nor identify personal data (within the cumulative data it aggregates).
Data minimisation: personal data will be processed in accordance with specified purposes and subject to the principles set out in Article 5 of the Regulation. Personal data that is collected before it is treated by Myntelligence’s privacy enhancing technology, will be deleted.
Securing personal data; recourse to the data subject: Myntelligence’s technology is so protective that upon data loss, its technology limits its facility for data subject identification (and notification) to many terminals or machines which match the broad demographic profiles it collects.
Your right to request that We stop processing personal data for our Legitimate Interests and withdrawal of your consent: as required by the Regulation, consent should be as easy to withdraw, as it is to give. You may request that Myntelligence does not process your personal data, at any time. You can do this:
Our status; how We use personal data
Generally, Myntelligence acts as a processor of personal data for its clients, with whom it has signed a data processing agreement, which is compliant with the Regulation.
Myntelligence is bound by the terms of this agreement which will require us to undertake analysis of the browsing of data subjects whose personal data has previously been provided to us, by our clients.
It is often the case that our clients source their personal data as a result of the data subject’s Consent or where the data subject has previously purchased goods or services from our clients.
Where our clients do not provide Myntelligence with personal data and We are required to profile data subjects’ browsing habits where, for example, a data subject visits the website of our clients, We act under the instructions of our clients, and subject to the terms of a data processing agreement.
Myntelligence may act as a controller where Myntelligence undertakes profiling of data subjects and decides upon the purposes and means of the processing of personal data.
Where Myntelligence acts as a controller, any personal data We collect after profiling, is treated and managed according to the balanced approach We have set out above.
When you visit one of our client’s websites or mobile applications (apps), or the websites or apps where We display advertisements, We may collect information about your activity on that site or the location of your device, in order to show you relevant advertising. This may include collecting information about your device such as unique device identifier, browser type and language, the server your computer is logged into, and the operating system information.
As set out above, Myntelligence processes up to 24 benign data points which are treated through our use of a probabilistic approach that deploys privacy enhancing technology. This, in effect, erects a very high barrier to identification of the data subject and the consequent risks. The 24 parameters do not uniquely belong to only one device and provide inferences about the consumer’s activity on the relevant site such as the page viewed or the advertising they clicked on thereby allowing Myntelligence through the use of an algorithm to realise broad inferences about age, gender, vertical preferences and purchase intentions, otherwise known as shared data. For each combination of the 24 parameters, hundreds of thousands of identical devices exist.
We may also collect information about our interactions with you, such as which ads We’ve shown, and on which pages, and whether you responded to those ads by interacting with them. We store this information associated with an anonymous identifier in a profile in our database.
We may partner with other companies that also use anonymous identifiers to share anonymous information with us in order to enhance these profiles.
We don’t request or store your IP address or other information that can be used to identify you directly, such as your name, address, phone number, or email address.
Why does Myntelligence need to collect and store personal data?
We collect and store personal data to provide our clients with the service they require (who in turn provide data subjects with information which is timely and relevant and consistent with data subjects’ expectations with respect to their interests). We do not process personal data for any reason other than this purpose. We only keep personal data for as long as is necessary in order to undertake this purpose.
We are committed to ensuring that the information We collect and use is appropriate for this purpose, and does not constitute an invasion of the data subject’s privacy.
Will Myntelligence share my personal data with anyone else?
Myntelligence may pass your personal data on to third-party service providers contracted to Myntelligence. In these circumstances, the third party may be another controller, processor or sub-processor.
Where the third party is a processor or a sub-processor, they are obliged to keep your details securely, and to use them only to fulfil their contractual obligations to Myntelligence. When they no longer need your personal data to fulfil this service, they will dispose of the details in line with Myntelligence’s data retention policy.
Myntelligence shares data with clients with whom it has executed an agreement under which it will licence first-party data but retains ownership at all times. The Company may also receive first-party data from clients by virtue of being given access to clients’ management systems. In these circumstances, Myntelligence acts as a processor under such arrangements with the client.
How will Myntelligence use the personal data it collects about me?
Myntelligence will process personal data in a manner compatible with the Regulation. We will keep information accurate, up to date, and not keep it for longer than is necessary.
Unless Myntelligence is required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes, Myntelligence will not keep personal data for more than 24 months after initial processing.
How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Under what circumstances will Myntelligence contact me?
The personal data We process is subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure.
We will get in touch with you where this is required under the Regulation.
Can I find out the personal data that the organisation holds about me?
At your request and where this is technically possible, Myntelligence will confirm the information We hold about you and how it is processed. As set out in the Regulation you can request the following information:
Myntelligence accepts the following forms of ID when information on your personal data is requested: passport, driving licence, birth certificate, utility bill from the previous 3 months.
Contact name: Luca Censoni
Address: 14 Grays Inn Road, London, WC1X 8HN, United Kingdom
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
You can find more information about first party cookies we use and the purposes for which we use them in the table below:
|myn_impr_< HASH >||Functionality cookie|
You block first party cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies or by clicking Opt-Out and following the instructions provided. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
You block third parties cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
In addition to cookies, we collect non-personally identifiable information automatically when you visit the site via other identifiers, including digital fingerprinting methods.
You block the other identifiers by clicking Opt-Out and following the instructions provided.
Please see our Privacy Statement for how our clients and us use digital fingerprinting technology.