General Data Protection Regulation (GDPR) Notice
This GDPR notice (the “GDPR Notice” or the “Notice”) describes how OpenWeb processes Personal Data with respect to the specific requirements of the EU GDPR and UK GDPR (collectively, the “GDPR”).
This Notice complements OpenWeb Privacy Policy (as available here; the “Privacy Policy“) and should be read in conjunction with it. It applies to individuals in the EU or UK and provides further information on our GDPR-specific processing activities.
Any capitalized terms throughout this notice (such as Personal Data, Publishers, Advertisers, Websites, End Users, etc.) shall have the same meaning as defined in the Privacy Policy.
TABLE OF CONTENTS
- Legal Bases
- Cross Border Transfers of Personal Data
- Your Rights Under the GDPR
- Data Protection Officer
- EU Representative
- UK Representative
- Updates To This Notice
Legal Bases
We process Personal Data about individuals under one of the following legal bases:
- Consent: We process your Personal Data based on your consent, such as for marketing, for analyzing your interaction with the Services, to communicate with you or respond to your requests, etc. We may rely on your consent which we obtain through our (or our Publishers’) cookie notice and consent management in order to implement tracking technologies and process information for the purpose of providing our Services, where those involve the display of ads.You may withdraw consent at any time by using the cookie preference settings (further information can be found in the Tracking Technologies Section in the Privacy Policy).
- Performance of Contract: Where we process Personal Data about individuals who engaged with us directly to receive our Service, we do so as necessary to fulfill our contractual obligations.
- Legitimate Interest: We process Personal Data about individuals in accordance with our legitimate interests, such as, as applicable, to improve and enhance our Services, to understand how our Services are used, to optimize our marketing, advertising, customer services and support operations, to maintain the security of our Services, to enforce any applicable terms and conditions of service, and to protect or defend the Services and our rights.
- Compliance with our Legal Obligations: Where we process Personal Data to comply with any applicable legal obligations to which we are subject, such as, reporting of illegal activity.
Cross Border Transfers of Personal Data
While privacy laws may vary between jurisdictions, OpenWeb is committed to protect Personal Data in accordance with its privacy policies and customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.
OpenWeb is headquartered in Israel, a jurisdiction which is considered by the European Commission and the UK Information Commissioner’s Office (ICO) to be offering an adequate level of protection for the Personal Data of UK and EEA residents (“Adequate Country”). We transfer Personal Data from the EEA and the UK to Israel and other countries which were recognized as Adequate Countries. For data transfers from the EEA or UK to countries which are not considered as Adequate Countries, we and the relevant data exporters and importers have entered into Standard Contractual Clauses as approved by the European Commission and UK ICO. You can obtain a copy by contacting us at privacy@openweb.com.
Your Rights Under the GDPR
Where applicable, you may have the following rights under the GDPR in relation to Personal Data we have collected about you, to the extent required by the GDPR and subject to verification and any applicable exceptions. These rights are:
| Access | You have the right to access Personal Data we hold about you, and to receive information on how we use it and with whom we share it. |
| Portability | You have the right to receive a copy of the Personal Data we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions |
| Correction | You have the right to correct any of the Personal Data we hold about you that is inaccurate. |
| Erasure | In certain circumstance, you have the right to delete the Personal Data we hold about you. |
| Restriction of processing to storage only | You have the right to require us to stop processing the Personal Data we hold about you, other than for storage purposes, in certain circumstances. |
| Objection | You have the right to object to our processing of Personal Data about you. |
| Objection to marketing | You can object to marketing at any time by opting-out using the unsubscribe/opt-out function displayed in our communications to you. |
| Withdrawal of Consent | Where we rely on consent to process Personal Data about you, you have the right to withdraw this consent at any time by contacting us. |
If you would like to exercise your rights mentioned in the section, please contact us at: privacy@openweb.com. To fulfill your request, we will need to verify your identity and validity of your request.
For users of the Platform, OpenWeb provides the ability to exercise the rights for access and deletion via the ‘User Privacy’ section available on our Platform.
Please note that in some cases, you will also be required to submit your request directly to the relevant Publisher.
Please be aware that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain Personal Data about you.
OpenWeb participates in the IAB Europe Transparency & Consent Framework (the “Framework”) and complies with its specifications and policies. OpenWeb’s identification numbers within the Framework are as follows:
| Group Company | TCF ID |
| OpenWeb Inc. | 280 |
| AdYouLike SASU | 259 |
If you think we have infringed data protection laws, you can file a claim with the data protection supervisory authority in the EEA country in which you live or work or where you think we have infringed data protection laws, or with the UK ICO, as applicable to you.
Data Protection Officer
As specified in our general privacy policy, OpenWeb has appointed a Data Protection Officer for monitoring and advising on our ongoing privacy compliance, as well as serving as a point of contact on privacy matters for data subjects and supervisory authorities.
EU Representative
AdYouLike SASU has been designated as OpenWeb’s representative in the EU for inquiries regarding data protection matters, and as its point of contact and legal representative for matters concerning the Digital Services Act.
Inquiries related to these matters may be sent in English, using the following contact information:
Email: privacy@openweb.com
Mail: 88 avenue Charles de Gaulle 92200 Neuilly-sur-Seine
UK Representative
AdYouLike Limited has been designated as OpenWeb’s representative in the UK for inquiries regarding data protection matters, and as its point of contact and legal representative for matters concerning the Digital Services Act.
Inquiries related to these matters may be sent in English, using the following contact information:
Email: privacy@openweb.com
Mail: 235 High Holborn, London WC1V 7LE, United Kingdom
Updates to This Notice
We may modify this Notice from time to time in which case we will update the “Last Revised” date at the top of this Notice, and will notify you and take other steps as required by applicable law. The updated GDPR Notice will be effective as of the time of posting, or such later date as may be specified in the updated notice.