OpenWeb
General Data Protection Regulation (GDPR) Notice
This GDPR notice describes how OpenWeb Technologies Ltd. (“OpenWeb”, “we”, “us” “our”) uses personal data (as defined under the GDPR and UK GDPR) , the purposes for which personal data is collected and used, and the entities with whom we might share personal data regarding EU and UK individuals.
Any capitalized terms throughout this notice (such as Publishers, Advertising Partners, Visitors, End Users, Usage Data, etc.) shall have the same meaning as defined in the Website and Business Contacts Privacy Policy as well as the End User Privacy Policy).
TABLE OF CONTENTS
Controller and processor roles
Cross border transfers of personal data
Your rights under gdpr (and uk gdpr)
Controller and processor roles
Below are further details about our role as a controller or processor with respect to End User:
- Where you create an OpenWeb account to access the Services on publisher assets, we act as a data controller and the information in the End User Privacy Policy applies to how we process personal data about you.
- Where you create an account with a Publisher or use the Publisher’s single-sign-on process to access the Services (and do not create an OpenWeb account), we may act as a controller or processor on behalf of the Publisher in relation to the processing of personal data about you. In these situations, you should also consult the Publisher’s privacy policy to understand how personal data about you may be processed.
With respect to its Visitors’, Publishers’ and Advertisers’ personal data, OpenWeb acts as the data controller
Processing of personal data
We process personal data about individuals under one of the following legal bases:
- Performance of Contract: Where we process personal data about individuals as necessary to provide them with our Services.
- Legitimate Interest: Where we process personal data about individuals in accordance with our legitimate interests, such as to improve and enhance our Services, to understand how our Services are used, to optimize our marketing, advertising, customer services and support operations, and to maintain the security of our Services.
- Compliance with Legal Obligations: Where we process personal data to comply with any applicable legal obligations, to enforce any applicable terms and conditions and/or terms of service, and to protect or defend the Services and our rights.
- Consent: Where we process your personal data based on your consent, such as for marketing activities.
The table below presents the legal bases we rely on when processing each type of personal data:
Data Type | Purpose | Legal Basis |
End Users | ||
Basic signup information | To provide the Services, authenticate your identity, secure your account, personalize the Services, communicate with you, improve and enhance our Services, conduct research and analytics. | Performance of ContractLegitimate InterestConsent (where applicable) |
Account activity, interactions & feedback | To provide the Services, personalize the Services based on your preferences and interactions, improve and expand our Services, and conduct research and analytics. | Performance of ContractLegitimate Interests |
Usage Data | To provide the Services, personalize and improve the Services, conduct research and analytics, advertise to you, and to monitor the performance of our advertising campaigns. | Legitimate InterestsConsent (where applicable) |
Data we receive from third parties | To advertise to you, and monitor the performance of our advertising campaigns. | Legitimate InterestsConsent (where applicable) |
Website Visitors | ||
Contact details | To communicate with you, promote our products or demonstrations that you might request, improve and enhance the Services, market our Services to you and facilitate, sponsor, and offer certain events and promotions. | Legitimate InterestsConsent (where applicable) |
Usage Data | Personalize and improve the Site, conduct research and analytics, advertise to you, and to monitor the performance of our advertising campaigns. | Legitimate InterestsConsent (where applicable) |
Data we receive from third parties | To communicate with you, promote our products, improve and enhance the Services, market our Services to you and facilitate, sponsor, and offer certain events and promotions. | Legitimate InterestsConsent (where applicable) |
Cookies data | To help us provide, secure and improve our Services, personalize your experience and monitor the performance of our activities and campaigns. Please see our Cookie Policy for further details. | Legitimate InterestsConsent (for non-essential cookies) |
Publishers & Advertisers | ||
Contact details | To communicate with you, provide you the Services, products or demonstrations that you might request, customize the Service to you, improve and enhance the Services, market our Services to you and facilitate, sponsor, and offer certain events and promotions. | Performance of ContractLegitimate InterestConsent (where applicable) |
Account information for your business account | To provide you the Services, authenticate your identity, secure your account, personalize the Services for you, communicate with you, administer the relationship between our companies, improve and enhance our Services, and conduct research and analytics. | Performance of ContractLegitimate Interest |
Usage Data | To provide the Services, personalize and improve the Services, conduct research and analytics, advertise to you, and to monitor the performance of our advertising campaigns. | Legitimate Interest |
Data we receive from third parties | To communicate with you, promote our products or demonstrations that you might request, improve and enhance the Services, market our Services to you and facilitate, sponsor, and offer certain events and promotions. | Legitimate InterestsConsent (where applicable) |
cross border transfers of personal data
While privacy laws may vary between jurisdictions, OpenWeb is committed to protect personal data in accordance with its privacy policies and customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.
OpenWeb Technologies Ltd. is headquartered in Israel, a jurisdiction which is considered by the European Commission and the UK Information Commissioner’s Office (ICO) to be offering an adequate level of protection for the personal data of UK and EEA residents. We transfer personal data from the EEA and the UK to Israel on this basis. For data transfers from the EEA or UK to countries which are not considered to be offering an adequate level of data protection, we and the relevant data exporters and importers have entered into Standard Contractual Clauses as approved by the European Commission and UK ICO. You can obtain a copy by contacting us at dpo@openweb.com.
your rights under gdpr (and uk gdpr)
Where applicable, you may have the following rights under the GDPR in relation to personal data we have collected about you, to the extent required by the GDPR and subject to verification and any applicable exceptions. These rights are:
Access | You have the right to access personal data we hold about you, how we use it, and who we share it with. |
Portability | You have the right to receive a copy of the personal data we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions |
Correction | You have the right to correct any of the personal data we hold about you that is inaccurate. |
Erasure | In certain circumstance, you have the right to delete the personal data we hold about you. |
Restriction of processing to storage only | You have the right to require us to stop processing the personal data we hold about you, other than for storage purposes, in certain circumstances. |
Objection | You have the right to object to our processing of personal data about you. |
Objection to marketing | You can object to marketing at any time by opting-out using the unsubscribe/opt-out function displayed in our communications to you. |
Withdrawal of Consent | Where we rely on consent to process personal data about you, you have the right to withdraw this consent at any time by contacting us. |
OpenWeb provides its users worldwide with the ability to exercise the rights for access and deletion via the ‘User Privacy’ section available on our platform. To fulfill your request, we will need to verify your identity and validity of your request. If you would like to exercise your rights mentioned in the section, please contact us at: privacy@openweb.com.
Please note that in some cases, you will also be required to submit your request directly to the relevant Publisher.
Please be aware that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain Personal Data about you.
If you think we have infringed data protection laws, you can file a claim with the data protection supervisory authority in the EEA country in which you live or work or where you think we have infringed data protection laws, or with the UK ICO, as applicable to you.
retention
Where we process your personal data as a data controller, we will retain personal data about you for as long as your account is active or as long as needed for the purposes set out in our applicable policies, including to provide the Services to you.
We will also retain and use personal data about you to the extent necessary to comply with our legal obligations, resolve disputes and enforce our terms and conditions, other applicable terms of service, and our policies. If you stop using our Services, we may store your data in an aggregated and anonymized format; we may use this information indefinitely without further notice to you.
Data Protection Officer
OpenWeb has appointed a Data Protection Officer for monitoring and advising on our ongoing privacy compliance, as well as serving as a point of contact on privacy matters for data subjects and supervisory authorities. Our DPO may be reached by email at dpo@openweb.com, or by mail at: OpenWeb Ltd. (Attn: DPO), Yigal Alon 94, Tel Aviv 6789156, Israel.
EU and UK Representative
Dr. Andreas Mätzler of Prighter has been designated as OpenWeb’s representative in the EU and UK for data protection matters. Inquiries regarding our EU & UK privacy practices may be sent by e-mail to privacy@openweb.com or via mail.
EU inquiries may be sent to: Prighter (Attn: OpenWeb), Schellinggasse 3/10, Vienna 1010, Austria
UK inquiries may be sent to: Prighter (Attn: OpenWeb), Kemp House, 160 City Road, EC1V 2NX, London, United Kingdom
UPDATES TO THIS NOTICE
We may modify this notice from time to time in which case we will update the “Last Revised” date at the top of this notice, and will notify you and take other steps as required by applicable law. The updated GDPR notice will be effective as of the time of posting, or such later date as may be specified in the updated notice.