Last updated: December 19, 2023
- Data we collect
- Why do we process your personal data and on what basis?
- Are you required to provide us with your personal data?
- Disclosure to third parties
- Retention of your data
- Your Rights
- Contact Us
We encourage you to read the whole policy because it provides important information on your rights, and our obligations, with respect to your data.
1. Data we collect
Depending on the nature of our business relationship with you or your company, we may process the following personal data about you:
- People contacting us or who we contact in order to establish or maintain a business relationship: name, surname, email address, phone number, and other data contained in the communication (e.g., your company’s name or the name of your position at your company);
- Business partners running a sole proprietorship: personal data contained in our agreement(s) with you, data from publicly available registers, data provided or generated in connection with the creation and implementation of our agreement(s) with you, your name, and other business contact information;
- Representatives of our business partners: data contained in our agreement(s) with your company, power of attorney information, data from publicly available registers, your name, name of your position at your company, and other business contact information;
- Employees of the business partners: business contact information (e.g., name, surname, your company’s name, name of your position at your company, email address, phone number).
In general, we collect data directly from you (e.g., as a representative of one of our business partners) or from other sources related to our business relationship with you or your company (e.g., personal data that may be included in an agreement between us and your company).
2. Why do we process your personal data and on what basis?
We may process your personal data to create, facilitate, or conclude a contractual business relationship with you or your company including, for example, to facilitate the day-to-day management of your business with OpenX. The legal bases for such processing are: (i) necessity to perform an agreement to which you are a party (if OpenX executed an agreement with you, as a physical person running a sole entrepreneurship) or (ii) legitimate interest of OpenX to ensure the performance of an agreement (if OpenX executed an agreement with your employer or an entity you are cooperating with on a different basis).
We may also process your personal data to maintain contact with you, respond to your questions, manage our relationship with you, market our products to you, pursue claims against you, or defend OpenX against claims leveraged by you or a third party. The legal basis for such processing is the legitimate interest of OpenX.
Additionally, we may process your personal data to fulfil our legal obligations, specifically obligations arising from tax and accounting regulations or when such processing is required by law (e.g., if we receive a request from law enforcement or other government officials). The legal basis for such processing is the legal obligation of OpenX.
3. Are you required to provide us with your personal data?
Providing your personal data to OpenX is voluntary and you are not required to do so; in many circumstances, however, we may need the data to perform our obligations under an agreement with you, to otherwise fulfill our business or legal obligations to you or others, or to pursue other legitimate interests such as pursuing claims or maintaining a business relationship with you or your company.
4. Disclosure to third parties
Where necessary for our business purposes, we may share your personal information with the OpenX affiliated companies listed on this page.
Personal data may also be shared with government authorities and/or law enforcement officials if required for the purposes listed above, if mandated by law, or if required for the protection of OpenX's legitimate interests (e.g., to pursue or defend against legal claims) in compliance with applicable laws.
Personal data may also be shared with third party service providers who will process it on behalf of OpenX for the purposes described above. This will include, specifically, our customer relationship management (CRM) vendors who provide software that helps us manage our contracts and business relationships. Where necessary to meet our needs, we may also share your data with accounting firms, auditors, postal operators, banks, payment service providers, or courier companies that help us facilitate our business operations.
If OpenX or any of its affiliated entities is sold or integrated with another business, your details may be disclosed to OpenX advisers and advisers of prospective purchasers, and will be passed to the new owners of the business.
5. Retention of your data
Generally, we will process your personal data for the period of time required to maintain our business relationship and fulfill our contractual or other obligations to you. If you contact us directly, we will process your personal data for the period required to answer your question or to take other action related to your message.
We may keep certain of your personal data even after the fulfilment of our contractual or business relationship with you when we have a legitimate business need to do so (e.g., to prevent fraud and abuse or to pursue or defend against legal claims) or when we are required to do so by law (e.g., to comply with applicable legal, tax, or accounting requirements for the period required by these regulations) as long as the law allows us.
To learn more about our retention practices, you can contact us here.
7. Your Rights
For European Union’s residents
You have the right to ask OpenX to rectify, block or restrict access to, complete, and delete your personal data. You can also ‘port’ your personal data (that is, ask us to provide it to you in a structured, commonly used, and machine readable format and to transmit it directly to another organization). You have the right to request access to your personal data and further information about our handling of your personal data.
In some circumstances you can also object to our processing of your data and, where we have asked for consent to process your data, at any time you may withdraw that consent. Please note that withdrawing your consent will not impact the lawfulness of the processing before you withdrew the consent.
All requests related to your personal data will be dealt with at the earliest opportunity and any delay will be kept to a minimum. In any event, we will not exceed the statutory time limit before responding to you.
Please note, however, there are exceptions to these rights. For example, access to personal data may be denied in some circumstances if making the information available would reveal personal data about another person or if OpenX is legally prevented from disclosing such data. In addition, OpenX may be able to retain data, even if you withdraw your consent, where OpenX can demonstrate that it has an alternative legal basis to process your data. We will inform you of relevant exemptions we rely upon when responding to any request you make.
If you have unresolved concerns, you have the right to complain to a data protection authority in the country where you live, where you work, or where you believe a breach of data protection has occurred. You can find contact details for your data protection authority here if you are an EEA-based individual or here if you are a UK-based individual.
We have carried out balancing tests for all of the data processing we carry out on the basis of our legitimate interests. You can obtain information on any of our balancing tests by contacting us here.
If you would like to exercise any of the rights listed above, please reach us here.
Please note that, if you are a business partner located in the European Union or United Kingdom and your personal data is transferred outside of the European Union or United Kingdom to our affiliates or a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, OpenX has taken steps to make sure your data is adequately. OpenX is in the process of certifying for compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. OpenX has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.
The Federal Trade Commission has jurisdiction over OpenX’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) here.
Under certain conditions, more fully described on the DPF website here, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. In cases of onward transfer to third parties, OpenX is generally liable for the acts of the third party that are in violation of the DPF Principles.
In parallel to adhering to Data Privacy Framework, iIn the event that personal data collected from a UK or EEA data subject is transferred outside of the UK or the EEA to an organization in a country which is not subject to an adequacy decision by the EU Commission or considered adequate as determined by applicable data protection laws, we will take additional steps to ensure your personal data is adequately protected (e.g., by way of EU Commission-approved Standard Contractual Clauses or by relying on other data transfer mechanisms approved under applicable data protection laws). We are also committed to conducting data transfer impact assessments and adopting any supplementary measures required to mitigate any risks to you identified in such an assessment. A copy of the relevant mechanism can be obtained for your review on request by contacting us here.
For United States’ residents
Depending on the jurisdiction in which you live, you may have the right to ask OpenX to delete certain of your personal data, correct inaccurate personal data, and provide you with access to your personal data.
OpenX does not share or sell personal data collected from you for valuable consideration.
All requests will be dealt with at the earliest opportunity and any delay will be kept to a minimum. In any event, we will not exceed the statutory time limit before responding to you. OpenX will never discriminate against you for exercising your data subject rights.
Please note, however, that there are exceptions to these rights. For example, access to specific pieces of your personal data may be denied in some circumstances if OpenX is legally prevented from disclosing such information. In addition, OpenX may be able to retain your personal data, even if you request that it delete such data, where OpenX can demonstrate that it has a legal obligation to retain it or is otherwise entitled to do so. We will inform you of relevant exemptions we rely upon when responding to any request you make.
If you would like to exercise any of the rights listed above, please reach us here or at (855) 231-3834.
9. Contact us
The data controller, business, or equivalent entity that controls how your data will be processed is the OpenX entity you or your company are under contract with, or which you have been communicating with. A list of all OpenX affiliated companies is available here.
If you have a privacy question, concern or request, please contact our Data Protection Officer at firstname.lastname@example.org or reach us here.