3. Information relating to the collection and processing of data through our products
3.1 What kind of products do we offer?
We enable our customers to offer their digital advertising inventory in near real time and provide the necessary technology for this. For us and the advertisers it is important to display ads that are as relevant as possible. Therefore, we also offer our customers the possibility to display target group-specific or user-oriented advertising. Advertisers decide which ads are displayed to which user based on the interests and preferences of the users.
3.2 How do we collect data?
Cookies allow us to recognize your device when you visit other digital resources, which also include one of our products, by assigning a random number to your device.
The Cookies we use can only be read and used by us. The same applies to other providers with comparable or supplementary services to ours. When cooperating with these providers, it is advantageous if all parties involved agree on which user or device certain information refers to. For this reason we match our cookies with those of our partners.
With regard to Cookies, you have a wide range of options, which we explain in more detail under section 4.
3.3 What data does Yieldlab collect?
We collect and use the following data about you: :
• Information about your Internet connection: We collect data on which provider you use, how fast your connection is, and how high the latency is
• Information about your browser: We collect information about which browser you use, its version, the language set in the browser, and information about how your browser handles cookies.
• Information about your device: In this regard, we collect information about the operating system used, language settings, the brand of your device, device identification numbers, mobile operating system manufacturer advertising identifiers (IDFA or AAID) and the IP address of the device.
• Information about the website/app you visit: The content of the website/app, the type and nature of the web page, the domain of the web page or name of the app, technical information about the web page including referral URL (i.e. the URL of the web page from which you were referred to a web page) and the date and time of the visit.
• Information about your behaviour on websites: This includes information about the content you viewed, how long you viewed it, and which apps you used.
• Information about advertising materials: We record which adverts you have been shown, whether you have clicked on them or visited the advertiser’s website or downloaded their app.
• Information about your decisions: We also receive information on whether you have been informed about processing activities or whether you have consented to them. We also receive information on whether you have partially or completely objected to the processing and/or whether you would like your Cookie to no longer be used in the future.
• Location information: If you are viewing digital content or advertising on a mobile device, we can collect your exact location if you have enabled the appropriate feature on your mobile phone. Regardless of whether you are using a mobile device or a stationary device, we can obtain your approximate location or postcode area.
Our products allow the exchange of data with other publishers, advertisers or third parties to make ads more relevant.
Website operators may have additional information about you, or may purchase this information from so-called data management platforms. This data was previously collected about you and you were informed about its collection. We use this information to enrich the offer for an advertising space to be displayed to you. We will share this information with the bidders so that they can make an informed decision as to whether their ads are relevant and of interest to you.
We do not collect your name, e-mail address or any other information that could be used to directly identify you.
3.4 What this policy does not cover
If you would like to receive more detailed information on the other companies engaged by the website operator and their processing, please contact them directly. If the website operator already supports the IAB TCF 2.0 (see section 3.11 below), you can also obtain much of this information via the CMP used by the website operator (see also section 3.11 below).
3.5 What we use your information for
We use the data described above for the following purposes:
Store and/or access information on a device
As described above (see section 3.2), we may store Cookies on your device. If such a Cookie already exists, no further Cookie is stored, rather the existing one is read. The storing or reading of Cookies and Mobile Identification Numbers serves to identify your device. This enables us to offer advertising inventory for your specific device. In addition, we can link information about your device and about you with the unique Cookie or mobile identification number. Information about Cookies is exchanged between the cooperating partners to determine whether two Cookies belong to the same device. This makes it easier for us to coordinate among the various vendors when providing advertising services. This step is necessary because each vendor issues its own unique Cookie and cannot directly access the Cookies of other Vendors (see also section 3.2 above).
Basic selection of ads
We use your information to provide basic selection mechanisms for displaying ads. For example, this selection is based on content you are viewing, the app you are using, your approximate location, or the type of device you are using. This includes ensuring that you do not see the same ad over and over again. We do this based on information about who else is viewing such content or using the app. These assumptions do not necessarily apply to you.
Creation of a personalised ads profile
We can create a profile about you and your interests. We refer to this profile as a personalised ads profile. It assigns you to certain groups or segments that allow potential conclusions about your interests and preferences. We combine this segmentation with the Cookies or mobile identification numbers mentioned above. Segments usually consist of a number of characteristics, such as an interest in sports, linked to a specific region (e.g. Hamburg) and an estimated age range (e.g. 30 – 40 years). The characteristics of the segments can be flexibly adapted and are oriented, among other things, to the advertisers target groups. We do not create segments based on sensitive data, such as health data, political beliefs, sexual identity, religious or philosophical beliefs, racial or ethnic origin or trade union membership. We neither collect nor store such data.
Selection of personalised ads
We allow our customers to pass on your personalised ads profile to potential bidders for advertising space of our customers. Based on the personalised ads profile, these bidders can decide whether they want to bid on an advertising space. The aim is to ensure that you receive the most personalised, and therefore relevant, ads possible on our customers’ websites. However, the bidders themselves decide whether they consider their advertising material to be relevant.
Measure ad performance
We measure the performance or effectiveness of the ads you see or interact with. To do this, we record whether you have seen the ad, how long it has been displayed to you, whether you have clicked or otherwise interacted with the ad. These values are important, among other things, so that Yieldlab’s customers can ensure that they are properly remunerated for their advertising inventory.
Development and improvement of products
We may use your information to improve our existing systems and software and to develop new products.
Ensure security, prevent fraud and debug
We may use your information to look for and prevent fraudulent activities. We may also use it to ensure that our systems and processes function properly and securely. For example, we will analyse behaviour of real users in order to distinguish them from computer-generated signals that are often used for fraudulent purposes.
Technically deliver ads or content
Your device sends and receives data that allows you to view and interact with content and ads. This means the display of a webpage/app. If you enter a URL, your device sends a request to load the associated web page. A similar signal is generated when you click on a link (this can also be an image) on a web page. We use the same data that allows the operator of the website to show your device the website, so that the right advertising material can be displayed in the right place.
Match offline and online data
We may link data collected about you offline with your online data. However, we only do this if there is a legal basis for the collection of offline data and its matching. We may use the linked data to support the other purposes indicated here.
Linking different devices
We may use your information to identify different devices as belonging to you or your household. For this purpose, we group Cookies that we believe are used by the same person or within the same household. We use this information to provide this information to bidders in order to improve personalized advertising and content. We also use this information to ensure that you do not see certain ads too often.
Receive and use of automatically-sent device characteristics for identification
We use your data to distinguish your device from other devices. To do this, we use information that your device sends automatically without us requesting it separately. Such data are, for example, the IP address as well as system and device information.
Use of precise geolocation data
We can enable our customers to provide bidders with precise location data for your device. Precise here means that your location can be accurate to within a few meters. This information is used to display advertisements or content that is of particular relevance to you based on your location.
3.6 To whom may Yieldlab pass on your information?
3.6.1 Yieldlab passes on your personal data to partner companies that want to purchase advertising inventory to display ads to you. In addition, Yieldlab passes on an identifier to companies that provide additional information about users or market such information for third parties. In both cases this data has been collected from you beforehand. If such additional information about you is available, we will check whether it is legally permissible to pass it on to us. If this is the case, we can use this additional data to enrich the information on an advertising space and thus enable bidders to make an informed decision. The data will only be passed on if we have received the relevant consent or if we can invoke our legitimate interests.
Yieldlab is a service provider, so we work with partners when processing data. This also includes those partners on whose websites or mobile applications we collect data through the cookies described above. With some of these partners, we are joint controllers within the meaning of data protection law (Art. 26 DSGVO). This joint responsibility generally relates to the collection and transmission of data to us. A current list of those partners with whom we are jointly responsible is available on request.
We and our partners have divided certain tasks and activities among each other within the framework of joint responsibility. The division is as follows:
Yieldlab provides the partner with a technical solution (here tag) which the partner integrates on its offers. This tag enables the collection of the data described in more detail above. Yieldlab also supports the partner, in particular in the processing of inquiries from affected parties..
Each of the parties shall in particular ensure that the necessary data security is given. Both we and our partner will fulfil our reporting and notification obligations individually, but will support and inform us to the extent necessary.
You can exercise your rights described below as a data subject (Ref.: 3.10) both towards us and towards our partner. We and our partner are liable for any processing that does not comply with the provisions of the GDPR in accordance with Art. 82 GDPR.
Do you have any further questions on the subject of joint responsibility? We would be happy to provide you with further information on our cooperation with certain partners.
3.6.2 We may also disclose your information to governmental authorities, courts or third parties if such disclosure is necessary or appropriate to enforce or defend our claims, interests or rights, or to protect the vital interests of the data subject or another individual.
3.6.3 We may also disclose your information to an acquirer or potential acquirer of our business or parts of our business to the extent that your information is related to the part to be acquired and to the extent necessary to enable the acquirer or potential acquirer to evaluate our business or the part of our business in question. In the event of an acquisition, we may also transfer your data to the acquirer.
3.7 On what legal basis does Yieldlab process your data?
Yieldlab always complies with the applicable data protection laws and regulations when processing your data. For some processing operations, our legitimate interests form the basis for the processing. Other processing operations require your consent. Our respective customers make sure that you have given such consent before we process your data and of course we verify this. Of course, you have the possibility to change your mind and to withdraw your consent, we explain how to do this under section 4.
3.8 How long do we store your data?
The third party Cookies we use are generally valid for 30 days, after which time they and the data associated with them are deleted. If the Cookie on your device is recognized by us again within this period, the runtime is extended again by 30 days. The information associated with the Cookie can be stored for up to 24 months in agreement with our customers. Such data that we have received from a data management platform (see above) will be deleted after 30 days regardless of the Cookie’s duration.
3.9 Transfer of your data abroad
Yieldlab and its servers are located in Germany. However, some of our Partners and Customers are located outside of the European Union. If we transfer your data to a Partner or a Customer who is based outside of the European Union, we will ensure that data is processed with an appropriate level of protection. To this end, we make use of legally provided and permissible measures, such as an adequacy decision by the European Commission (cf. Art. 45 para. 1 GDPR) for the third country concerned; the use of the European standard contractual clauses (cf. Art. 46 para. 2 c) GDPR) or other effective safeguards provided for in the GDPR.
Standard contractual clauses for the transfer of personal data from the European Union to third countries
3.103 Your rights
It is important to us that you do not lose control over how we handle your data. Under the General Data Protection Regulation (“GDPR”), you have the following rights towards us:
Right to object to processing (Art. 21 GDPR)
You can object to the further processing of your data at any time.
Right of rectification (Art. 16 GDPR)
You can request us to correct the personal data stored about you.
Right to erasure (Art. 17 GDPR)
Under certain circumstances, you have the right to request us to delete your personal data.
Right to restrict processing (Art. 18 GDPR)
You may also have the right to request a restriction of the processing.
Right to data portability (Art. 20 GDPR)
If the requirements of Art. 20 GDPR are met, you have the right to receive from us a structured version, stored in a common machine-readable format, of the personal data concerning you.
Right to lodge a complaint regarding our processing of your personal data with a data protection supervisory authority (Art. 77 GDPR)
If you believe that our processing of your personal data violates the GDPR, you can lodge a complaint with a supervisory authority.
Right to revoke consent
You can withdraw your previously given consent for the processing of your data at any time. In order to make this process as easy as possible for you, you can do this via the following link: Opt-out. For more information about your choices, please see section 4 below.
3.11 What is the IAB Transparency and Consent Framework (IAB TCF)?
We participate in the IAB TCF. The IAB TCF is a common standard for dealing with transparency obligations and obtaining consent in connection with online advertising. The companies organised in the IAB TCF undertake to comply with standards that go beyond the GDPR. Yieldlab is registered as a so-called vendor under the IAB TCF. Further information about the IAB TCF can also be obtained from the following link https://iabeurope.eu/tcf-2-0/. We recommend all our customers to also register with the IAB TCF. If you use a service from a company that is already registered as a Publisher in the IAB TCF, you will benefit, as the IAB TCF offers you transparency and control over the use of your personal data.
On a technical level, the latest version of the IAB TCF (currently version 2.0) allows each participating company to understand which processing activities are permissible in individual cases based on the user’s choice.
For you as a user, the IAB TCF means a highly granular freedom of choice. Of course, you can still either agree or disagree with the use of your data in general. In addition, you can precisely understand who will receive your data and for what purposes. Of course, you are free to exclude individual recipients or to limit the purposes for which your data is used individually. Limiting the purposes is only excluded in exceptional cases, such as security-relevant processing activities.
We recommend that you consider the various options available to you under the IAB TCF in order to make a decision that best suits your interests. You will receive more information on these options and how to implement them in the following section.