Last updated: March 03, 2022
- Data we collect
- Why do we process your personal data and on what basis?
- Are you required to provide us with your personal data?
- Disclosure to third parties
- Retention of your data
- Your Rights
- Contact Us
We encourage you to read the whole policy because it provides important information on your rights, and our obligations, with respect to your data.
1. Data we collect
Depending on the nature of our business relationship with you or your company, we may process the following personal data about you:
- People contacting us or who we contact in order to establish or maintain a business relationship: name, surname, email address, phone number, and other data contained in the communication (e.g., your company’s name or the name of your position at your company);
- Business partners running a sole proprietorship: personal data contained in our agreement(s) with you, data from publicly available registers, data provided or generated in connection with the creation and implementation of our agreement(s) with you, your name, and other business contact information;
- Representatives of our business partners: data contained in our agreement(s) with your company, power of attorney information, data from publicly available registers, your name, name of your position at your company, and other business contact information;
- Employees of the business partners: business contact information (e.g., name, surname, your company’s name, name of your position at your company, email address, phone number).
In general, we collect data directly from you (e.g., as a representative of one of our business partners) or from other sources related to our business relationship with you or your company (e.g., personal data that may be included in an agreement between us and your company.
2. Why do we process your personal data and on what basis?
We may process your personal data to create, facilitate, or conclude a contractual business relationship with you or your company including, for example, to facilitate the day-to-day management of your business with OpenX. The legal bases for such processing are: (i) necessity to perform an agreement to which you are a party (if OpenX executed an agreement with you, as a physical person running a sole entrepreneurship) or (ii) legitimate interest of OpenX to ensure the performance of an agreement (if OpenX executed an agreement with your employer or an entity you are cooperating with on a different basis).
We may also process your personal data to maintain contact with you, respond to your questions, manage our relationship with you, market our products to you, pursue claims against you, or defend OpenX against claims leveraged by you or a third party. The legal basis for such processing is the legitimate interest of OpenX.
Additionally, we may process your personal data to fulfil our legal obligations, specifically obligations arising from tax and accounting regulations or when such processing is required by law (e.g., if we receive a request from law enforcement or other government officials). The legal basis for such processing is the legal obligation of OpenX.
3. Are you required to provide us with your personal data?
Providing your personal data to OpenX is voluntary and you are not required to do so; in many circumstances, however, we may need the data to perform our obligations under an agreement with you, to otherwise fulfill our business or legal obligations to you or others, or to pursue other legitimate interests such as pursuing claims or to maintaining a business relationship with you or your company.
4. Disclosure to third parties
Where necessary for our business purposes, we may share your personal information with the OpenX affiliated companies listed on this page.
Personal data may also be shared with government authorities and/or law enforcement officials if required for the purposes listed above, if mandated by law, or if required for the protection of OpenX's legitimate interests (e.g., to pursue or defend against legal claims) in compliance with applicable laws.
Personal data may also be shared with third party service providers who will process it on behalf of OpenX for the purposes described above. This will include, specifically, our customer relationship management (CRM) vendors who provide software that helps us manage our contracts and business relationships. Where necessary to meet our needs, we may also share your data with accounting firms, auditors, postal operators, banks, payment service providers, or courier companies that help us facilitate our business operations.
If OpenX or any of its affiliated entities is sold or integrated with another business, your details may be disclosed to OpenX advisers and advisers of prospective purchasers, and will be passed to the new owners of the business.
5. Retention of your data
Generally, we will process your personal data for the period of time required to maintain our business relationship and fulfill our contractual or other obligations to you. If you contact us directly, we will process your personal data for the period required to answer your question or to take other action related to your message.
We may keep certain of your personal data even after the fulfilment of our contractual or business relationship with you when we have a legitimate business need to do so (e.g., to prevent fraud and abuse or to pursue or defend against legal claims) or when we are required to do so by law (e.g., to comply with applicable legal, tax, or accounting requirements for the period required by these regulations) as long as the law allows us.
To learn more about our retention practices, you can contact us here.
7. Your Rights
For European Union’s residents
You have the right to ask OpenX to rectify, block or restrict access to, complete, and delete your personal data. You can also ‘port’ your personal data (that is, ask us to provide it to you in a structured, commonly used, and machine readable format and to transmit it directly to another organization). You have the right to request access to your personal data and further information about our handling of your personal data.
In some circumstances you can also object to our processing of your data and, where we have asked for consent to process your data, at any time you may withdraw that consent. Please note that withdrawing your consent will not impact the lawfulness of the processing before you withdrew the consent.
All requests related to your personal data will be dealt with at the earliest opportunity and any delay will be kept to a minimum. In any event, we will not exceed the statutory time limit before responding to you.
Please note, however, there are exceptions to these rights. For example, access to personal data may be denied in some circumstances if making the information available would reveal personal data about another person or if OpenX is legally prevented from disclosing such data. In addition, OpenX may be able to retain data, even if you withdraw your consent, where OpenX can demonstrate that it has an alternative legal basis to process your data. We will inform you of relevant exemptions we rely upon when responding to any request you make.
If you have unresolved concerns, you have the right to complain to a data protection authority in the country where you live, where you work, or where you believe a breach of data protection has occurred. You can find contact details for your data protection authority here if you are an EEA-based individual or here if you are a UK-based individual.
We have carried out balancing tests for all of the data processing we carry out on the basis of our legitimate interests. You can obtain information on any of our balancing tests by contacting us here.
If you would like to exercise any of the rights listed above, please reach us here.
Transfer outside EEA
We operate globally, and in many cases need to transfer your personal data internationally, including to the United States and United Kingdom for the purposes outlined above. Your personal data will be transferred to and processed by your OpenX contracting entity.
When transferring personal data to countries outside the EEA, we comply with European Union law by using Standard Contractual Clauses approved by the European Commission or by adopting other adequate safeguards. A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.
For United States’ residents
Depending on the jurisdiction in which you live, you may have the right to ask OpenX to delete certain of your personal data, correct inaccurate personal data, and provide you with access to your personal data.
OpenX does not share or sell personal data collected from you for valuable consideration.
All requests will be dealt with at the earliest opportunity and any delay will be kept to a minimum. In any event, we will not exceed the statutory time limit before responding to you. OpenX will never discriminate against you for exercising your data subject rights.
Please note, however, that there are exceptions to these rights. For example, access to specific pieces of your personal data may be denied in some circumstances if OpenX is legally prevented from disclosing such information. In addition, OpenX may be able to retain your personal data, even if you request that it delete such data, where OpenX can demonstrate that it has a legal obligation to retain it or is otherwise entitled to do so. We will inform you of relevant exemptions we rely upon when responding to any request you make.
If you would like to exercise any of the rights listed above, please reach us here or at (855) 231-3834.
9. Contact us
The data controller, business, or equivalent entity that controls how your data will be processed is the OpenX entity you or your company are under contract with, or which you have been communicating with. A list of all OpenX affiliated companies is available here.
If you have a privacy question, concern or request, please contact our Data Protection Officer at firstname.lastname@example.org or reach us here.