PRIVACY POLICY

Through this Privacy Policy ("Privacy Policy"), Adorphic Group, which includes Adorphic FZ-LLC and its subsidiaries ("Adorphic", "we", "us", or "our"), outlines the terms governing its processing of data, including personal data.

Given the different types of natural or legal persons interacting with Adorphic, we have divided most sections of this Privacy Policy based on the type of user you are. Please carefully read the definitions provided below to determine which sections apply to you.

Adorphic is committed to ensuring an adequate level of data protection in compliance with applicable data protection laws and regulations. To this end, Adorphic has adopted a comprehensive framework to safeguard privacy rights. This includes ensuring that all data is processed according to the principles of lawfulness, correctness, and transparency, and implementing numerous technical and organizational measures to secure the protection and confidentiality of such data.

Adorphic adheres to the Interactive Advertising Bureau's (IAB) Self-Regulatory Principles for Online Behavioral Advertising and the IAB Europe OBA Framework. Consequently, we also participate in the IAB Europe Transparency & Consent Framework and comply with its specifications and policies. 

In relation to our business partners, with whom we have a contractual relation, this Privacy Policy forms an integral and substantial part of the Terms and Conditions ("T&Cs").

1. Definitions

Our Privacy Policy is designed to be legible and understandable for the general public, as well as our business partners. In this document, we use the following key terms:

1.1. Business Partners: Any natural or legal person that registers or emails with Adorphic to enquire or use any of the services provided by Adorphic. 1.2. Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, signifying agreement to the processing of their personal data. 1.3. Controller (Data Controller): The entity that determines the purposes and means of processing personal data. 1.4. Cookie ID: A unique identifier assigned to a specific cookie, used to recognize and track a data subject’s device across websites. 1.5. Cookies: Small text files placed on a user’s device to collect and store information about their preferences and online activities. 1.6. Consent Management Platform (CMP): A platform that can be used by publishers for requesting, receiving, and storing users’ consent, for storing the list of preferred vendors along with why they’ve been collecting the users’ information, and for updating the collected consents (if a user triggered the action). 1.7. Data Protection Officer: The person responsible for ensuring that the company protects personal data in accordance with current legislation. 1.8. Data Protection Laws: Means European Data Protection Laws, UK Data Protection Laws, the CCPA, the CPRA, PIPEDA, and any other legislation or regulation from time to time relating to privacy, data protection, and/or the collection, use, and/or sharing of Personal Information anywhere in the world. 1.9. Data Subject: An identified or identifiable natural person whose personal data is being processed. 1.10. Device ID: A unique identifier assigned to a specific device, often used for advertising and analytics purposes. 1.11. Digital Property: An online platform or asset owned, operated, or controlled by an entity, including websites, mobile apps, web pages, blogs, and interactive features, used for user interaction and data collection. 1.12. IP Address: A unique numerical label assigned to each device connected to a computer network. 1.13. Personal Data: Any information relating to an identified or identifiable natural person, a Data Subject. This can include identifiers such as a name, identification number, location data, or online identifier. 1.14. Processor: An entity that processes personal data on behalf of the controller. 1.15. Profiling: Activities aimed at creating a user profile to enhance marketing and user experience. These activities do not involve the automated processing of personal data to evaluate or predict aspects such as performance, economic situation, health, preferences, interests, reliability, behavior, location, or movements, as defined by GDPR. 1.16. Pseudonymisation: Processing personal data so that it can no longer be attributed to a specific data subject without additional information, which is kept separately and securely. 1.17. Recipient: Any natural or legal person to which personal data is disclosed. 1.18. Restriction of processing: Marking stored personal data to limit its processing in the future. 1.19. Third party: Any natural or legal person other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data. 1.20. Third-Party Publisher: Any other party granted a license to exploit the Licensed System on any Licensed Platform or otherwise designated as a "publisher of record." 1.21. Users: Any natural or legal person who visits a Digital Property where Adorphic's technology is used to provide advertising services. 1.22. Visitors: Any natural or legal person who visits or interacts with Adorphic's content placed on, including but not limited to, its websites, web pages, interactive features, or blogs at https://Adorphic.com/.  

2. Contact Information

Adorphic values data subjects' privacy and is committed to addressing any questions or concerns you may have about our data practices. If you need to contact Adorphic regarding this Privacy Policy, your personal data, or any related matters, you can reach out using the following methods:

By Email: privacy@Adorphic.com

Please note that Adorphic may need to verify your identity before responding to certain requests. Adorphic aims to respond to all legitimate inquiries without undue delay.

3. Collection of Data and Purposes

3.1. Business Partners

When you engage with Adorphic as a Business Partner, whether by reaching out to Adorphic, signing up for our services or using them, we may collect certain Personal Data and other information through forms such as partnership applications, service agreements, and insertion orders. The Personal Data and information could include:

• Business Contact Information: Company name, address, and contact details of designated representatives.
• Account Data: Information necessary for creating and managing accounts on our platform, including login credentials and user permissions.
• Campaign Information: Data related to advertising campaigns, including specifications, creative content, and performance metrics.
• Financial Data: Information required for billing and payment processing, such as invoicing details and payment records.
• Communication Records: Records of correspondence and interactions related to our business relationship and service provision.

Adorphic collects and processes the above-mentioned Personal Data and information for the following purposes:

• Service Provision: To fulfill the contractual obligations and provide advertising services effectively.
• Account Management: To create and maintain your account on the Adorphic platform.
• Communication: To correspond with you about Adorphic's services, including updates and support.
• Campaign Optimization: To process and optimize advertising campaigns as per agreement.
• Financial Transactions: To handle billing and payment processes related to Adorphic's services.
• Legal Compliance: To comply with applicable legal and regulatory requirements.
• Service Improvement: To enhance Adorphic's services based on feedback and performance analysis.

3.2. Visitors

When you visit or interact with Adorphic's own Digital Properties, such as Adorphic's website, web pages, interactive features, or blogs, we may collect Personal Data and information through various means including form submissions, cookies, and server logs. This may include:

• Technical Data: This includes your IP address, browser type and version, operating system, access date and time, and pages visited on our site.
• Usage Data: Adorphic collects information about how visitors interact with Adorphic's Digital Properties, including the pages the visitor visits and the time spent on each page.
• Cookie Data: Adorphic uses cookies and similar technologies to enhance visitors’ browsing experience and collect information about visitor preferences and interactions with our site.
• Form Submission Data: If visitors fill out any forms on our Digital Properties, Adorphic collects the information you provide, such as your name, email address, and any message content.
• User Account Data: For registered users, Adorphic collects information necessary to manage your account, including your email address and password (encrypted).
• Communication Data: Adorphic keeps records of any correspondence you have with us, including email communications and chat logs if you use Adorphic's customer support features.

We collect and process the above-mentioned Personal Data and information for the following purposes:

• Service Provision and Optimization: To deliver and optimize content on our digital properties, ensure system viability, and provide a seamless user experience.
• Security and Legal Compliance: To protect against cyber attacks, assist law enforcement if necessary, and comply with legal requirements.
• Analytics and Improvement: To analyze data statistically, improve Adorphic's digital offerings, and understand user behavior for better content creation.
• Marketing and Personalization: To tailor content to visitor preferences, provide relevant information about Adorphic's services, and send marketing communications (if you consent).
• User Account Management: For registered visitors, to create and maintain accounts, provide personalized experiences, and manage preferences.
• Communication: To respond to inquiries, provide customer support, and send important updates about our services or policies.
• Business Development: To process partnership inquiries and provide information about our offerings to potential clients.

3.3. Users

When you visit Digital Properties, such as websites or applications, where Adorphic's technology is implemented for advertising services, Adorphic may collect Personal Data and information through our ad-serving technology, cookies, and similar tracking technologies. This may include:

• Technical Data: This includes your IP address, device identifiers, cookie IDs, mobile advertising IDs, browser type and version, operating system, internet service provider, access date and time, screen resolution, and language settings.
• Usage Data: Adorphic collects information about referrer websites, pages visited, interactions with content and advertisements, video viewing behavior (such as play, pause, and completion rates), time spent on pages, and click-through rates.
• Cookie Data: Adorphic stores and retrieves information using cookies and similar tracking technologies on your device.
• User Privacy Choices: We process TC Strings in accordance with the IAB Europe Transparency & Consent Framework (TCF) version 2.2 to respect user privacy preferences.
• Contextual Data: This includes content categories of pages visited and keywords associated with viewed content to understand the context of your browsing.
• Ad Interaction Data: Adorphic records your interactions with ads, including views, clicks, and other engagement metrics.
• Location Data: Adorphic may infer your general location based on your IP address.
• Inferred Interests: Based on your browsing behavior, Adorphic may derive topics and categories of interest.
• Geolocation Information: Adorphic may derive the non-precise location of your device from your IP Address.
• Bid Request Data: In the process of real-time bidding, certain information is shared to facilitate ad delivery.
• Partner Data: Adorphic may enhance our user profiles with additional data obtained from our advertising partners.

We collect and process the above-mentioned Personal Data and information for the following purposes:

• Service Provision and Optimization: To deliver and optimize advertising content, ensure the proper functioning of our technology, and provide contextual matching of video content and advertisements.
• Analytics and Improvement: To analyze data statistically, enhance our services, and measure advertising campaign performance.
• Marketing and Personalization: To Profile users for targeted advertising, providing information on the delivery of advertising campaigns in line with your expressed preferences, and limit the number of views of the same element during a predefined time interval (frequency capping), and create audience segments. This includes marketing products and services of Adorphic's third-party partners to present advertisements and commercial offers that meet your preferences as much as possible.
• Data Enrichment: Adorphic may combine and enrich the data acquired with our cookies to improve Profiling and carry out marketing activities.
• User Privacy Management: To process and respect user privacy choices in compliance with TCF Policies.
• Ad Delivery and Optimization: To provide Adorphic's services, including ad delivery, targeting, and optimization based on real-time performance metrics.
• Contractual Obligations: To fulfill the agreements with Publishers and Advertisers, including generating performance reports.
• Fraud Prevention: To detect and prevent fraudulent ad traffic or invalid clicks.
• Legal Compliance: To comply with applicable legal and regulatory requirements. This includes providing law enforcement authorities with information necessary for criminal prosecution in case of a cyber-attack.
• Processing of User Privacy Choices (TC Strings): In accordance with the IAB Europe Transparency & Consent Framework (TCF), Adorphic processes users’ privacy choices as recorded in the form of a TC String. Where Adorphic determines such TC Strings constitute personal data, processing will be conducted pursuant to the TCF’s Special Purpose 3 (“Save and communicate privacy choices”). Such processing is necessary for Adorphic's legitimate interests in ensuring users’ privacy choices are respected across the digital advertising ecosystem. These interests are not overridden by users’ rights, as the processing is limited to what is strictly necessary to uphold their expressed preferences. Users can update their privacy choices at any time via the Consent Management Platform on participating publishers’ websites. Adorphic will retain TC Strings only as long as necessary to fulfill the purpose of communicating users’ choices to relevant parties.

4. Legal Basis for Processing

Adorphic processes Personal Data in accordance with applicable Data Protection Laws. We have different legal bases for processing personal data, depending on who you are and how you interact with us.

4.1. Business Partners

If you are a Business Partner, we process your personal data:

• To fulfill our contractual obligations or take steps prior to entering into a contract: This includes providing our services, ensuring access to our platforms, and responding to inquiries about our products or services. For instance, we use your contact information to set up and manage your account on our platform.
• To pursue our legitimate interests: Such as improving our services, ensuring system security, and preventing fraud. For instance, Adorphic analyzes usage data to enhance platform features and performance.
• To comply with applicable laws and regulations: Such as fulfilling tax requirements. For instance, we retain transaction records for tax reporting purposes.

4.2. Visitors

If you are a Visitor to our Digital Properties, Adorphic processes your personal data:

• Based on your consent: Obtained through Adorphic's CMP, for certain activities, such as the use of cookies to remember your preferences and enhance your browsing experience.
• To pursue our legitimate interests: In improving Adorphic's website, ensuring security, and responding to inquiries. For instance, Adorphic may analyze website traffic to improve user experience and detect security threats.
• To comply with applicable laws and regulations: Such as retaining server logs for security and compliance purposes.

4.3. Users

If you are a User of Digital Properties, such as websites or applications, where Adorphic technology is implemented, Adorphic processes your personal data:

• Based on consent: Obtained through our third-party partners’ CMP, for activities such as serving personalized ads based on your browsing behavior and preferences.
• To pursue our legitimate interests: In providing and optimizing our advertising services, preventing fraud, and managing privacy choices. For instance, Adorphic may use data to improve ad targeting and measure ad performance.
• To comply with applicable laws and regulations: Such as retaining data for legal compliance and reporting.
• To save and communicate your privacy choices (TC Strings): Where Adorphic determines that processing of TC Strings recording users’ privacy choices constitutes processing of personal data, such processing will be conducted under the legitimate interest legal basis in accordance with the TCF’s Special Purpose 3.

5. Consent and Opt-Out

5.1. Adorphic's Opt-Out Process

Where Adorphic relies on consent for processing, you have the right to withdraw your consent at any time. This won’t affect the lawfulness of processing before consent withdrawal.

• Business Partners and Visitors: You can withdraw consent by adjusting your cookie settings on our Digital Properties.
• Users: You can update your privacy choices at any time via the Consent Management Platform on participating Third-Party Publishers’ Digital Properties. Adorphic will retain TC Strings only as long as necessary to fulfill the purpose of communicating your choices to relevant parties.

5.2. Important Considerations When Opting Out

Please note that although you have opted out of Adorphic:

• Ad Visibility: Opting out doesn’t mean you’ll stop seeing ads. Instead, the ads you see won’t be personalized based on your interests and browsing behavior.
• Device and Browser Specificity: The opt-out is tied to your specific device and browser. If you use multiple devices or browsers, you’ll need to opt out on each one separately.
• Cookie Dependence: Our opt-out mechanism relies on cookies. Clearing your cookies will reset your opt-out preference.
• Profile Deletion Timeline: To ensure complete deletion of your profile, avoid opting back in for at least 90 days after opting out.
• Technical Limitations: Some browser features, like iOS’s “Intelligent Tracking Prevention,” may affect the persistence of opt-out cookies.

6. Data Collection Technologies

6.1. Business Partners

Adorphic employs cookies, which are small text files stored on your device, to uniquely identify browsers and devices. Adorphic employs cookies on Digital Properties to enhance our relationships with Business Partners and improve our services:

• Authentication Cookies: These essential cookies help Adorphic recognize our Business Partners when they log into our platforms, ensuring secure access to account information and tools.
• Preference Cookies: Adorphic uses these to remember our partners' settings and preferences, such as language choice or dashboard configurations, to provide a more personalized experience.
• Analytics Cookies: These cookies collect information about how Adorphic's Business Partners use our platforms. We use this data to improve our services, fix technical issues, and enhance user experience.
• Functionality Cookies: These enable advanced features on our business platforms, such as live chat support or interactive demo tools.

Business Partners can manage their cookie preferences through their account settings or browser configurations. However, disabling certain cookies may limit access to some features of our business platforms. For a comprehensive list of first-party cookies used on relevant Digital Properties, please consult our Cookie Table. This table provides information on cookie names, purposes, and expiration times.

6.2. Adorphic Website Visitors

For Visitors to our Digital Properties, Adorphic uses a limited set of cookies to enhance site functionality and gather insights:

• Essential Cookies: These are necessary for Adorphic's website to function properly. They enable basic features like page navigation and access to secure areas of the website.
• Performance Cookies: Adorphic uses these to understand how visitors interact with our website. They help us analyze which pages are most popular, identify any errors, and improve overall site performance.  
• Functionality Cookies: These remember choices visitors make, such as language preferences or region selection, to provide a more personalized experience.
• Marketing Cookies: If a visitor consents, Adorphic may use these cookies to deliver more relevant content and advertisements based on their interests and browsing behavior on Adorphic's site.

Visitors can control their cookie preferences through our cookie consent banner or their browser settings. We respect visitor privacy and provide clear options to accept or decline non-essential cookies.

For a comprehensive list of first-party cookies used on relevant Digital Properties, please consult our Cookie Table. This table provides information on cookie names, purposes, and expiration times.

6.3. Users

6.3.1. Cookies

For Users on Adorphic's Third-Party partners’ Digital Properties, Adorphic uses cookies which play a crucial role in our advertising ecosystem and in proposing ads that match your expressed preferences:

• Purpose: They allow Adorphic to recognize users across different platforms and sessions, control ad frequency, build interest profiles, measure performance, match devices, and respect opt-out preferences.
• Syncing: We synchronize these cookies with Adorphic partners to create a unified understanding of user preferences and behaviors.
• Segmentation: Cookies help Adorphic and our partners categorize users into relevant audience segments for targeted advertising.

Adorphic uses the following types of Cookies:

• Identification Cookies: These are essential for recognizing users across different websites and devices, enabling personalized ad experiences.
• Frequency Capping Cookies: We use these to control how often a user sees specific advertisements, ensuring a balanced ad exposure.
• Interest Cookies: These cookies help us understand user interests based on content views and ad interactions, allowing us to target ads more effectively.
• Performance Measurement Cookies: Adorphic employs these to track ad interactions, including views, clicks, and conversions, helping Adorphic measure and improve ad effectiveness.
• Cross-Device Matching Cookies: These enable Adorphic to recognize users across different devices, providing a consistent advertising experience.
• Opt-Out Preference Cookies: These remember a user’s choice to opt-out of personalized advertising, respecting user privacy preferences.
• Syncing Cookies: Adorphic uses these to synchronize user identifiers with our advertising partners, enhancing our ability to deliver relevant ads.

Users can manage their cookie preferences through the cookie consent banner on our Third-Party partners’ Digital Properties or through their browser configurations.

Adorphic adheres to the EU cookie law; therefore, users can consult our Cookie Table for a comprehensive list of first-party cookies used on relevant properties. This table provides information on cookie names, purposes, and expiration times. For any further information about the cookie policy, users can contact the Adorphic privacy department at privacy@Adorphic.com.

6.3.2. Pixel Tags

Pixel tags, also known as web beacons or clear GIFs, are integral to our advertising technology. These transparent images or short JavaScript snippets are embedded in web pages or emails and are used by Adorphic and our Third-Party partners to understand user interactions with their online properties.

Purpose:

These pixel tags help track user interactions, including:

• Page views
• Ad impressions
• Email opens
• Click-through rates
• Conversion tracking
• Time spent on page

When an Adorphic pixel is present, it checks for an Adorphic UUID (Unique User Identifier) associated with the visitor.

Data Collection:

• If a UUID is found, advertisers can:
  • Retarget those specific UUIDs with tailored ads.
  • Receive aggregate data on the number of UUIDs that visited the page.
• If no UUID is present, the pixel can still collect general interaction data, such as:
  • Overall page views
  • Ad impressions
  • Engagement metrics, which help assess the effectiveness of advertising campaigns

Data Aggregation: Data collected through pixels is aggregated and anonymized before being used for analytics and reporting, minimizing the risk of individual identification.

Privacy Considerations:

• Adorphic Third-Party partner advertisers are obligated to disclose their use of the Adorphic pixel in their privacy policies.
• Adorphic maintains a strict policy of not combining pixel-derived information with individual UUID profiles to protect user privacy.
• Users can often control pixel tracking through their browser settings or by using ad-blocking extensions. Adorphic encourages users to familiarize themselves with these tools to manage their privacy preferences effectively.
  

6.3.3. Mobile Advertising Identifiers

Adorphic utilizes device-specific identifiers, such as Apple’s IDFA (Identifier for Advertisers) and Google’s AAID (Android Advertising ID), which serve as unique, resettable identifiers for advertising purposes on mobile devices. This includes:

• Purpose: These identifiers enable personalized ad experiences and cross-app tracking, helping advertisers deliver relevant content based on user behavior.
• Technical implementation: These identifiers are integrated into our SDK (Software Development Kit) and ad-serving systems, allowing for consistent user recognition across different apps and mobile websites.
• Privacy considerations: Users have the ability to reset these identifiers or limit their use through their device settings. We respect these choices and immediately update our systems when changes are made to ensure compliance with user preferences.

6.3.4. Web Analytics Integration

Adorphic collaborates with various web analytics platforms to track and analyze user behavior after ad interactions. This includes:

• Purpose: Adorphic analyzes post-click activities, conversions, engagement metrics, and long-term campaign performance to optimize ad delivery and improve user experience.
• Data processing: Adorphic uses advanced analytics tools to process this data, applying machine learning algorithms to derive insights and enhance advertising effectiveness in real-time.
• Privacy considerations: All data collection through these integrated analytics tools is subject to the respective privacy policies of Adorphic's Third-Party partners and clients. We ensure that data is aggregated and anonymized where possible to protect individual user privacy.

6.3.5. Partner and Third-Party Technologies

Adorphic's ecosystem includes technologies used by Adorphic clients and other third parties, such as tags, pixels, cookies, and other tracking technologies present within advertisements or on specific websites.

• Purpose: These technologies facilitate features like frequency capping, sequential messaging, and cross-device tracking, enhancing the effectiveness of advertising campaigns. They also provide valuable insights into user behavior and preferences, allowing our partners to deliver more relevant advertising experiences.
• Data flow: Information collected through these technologies may be shared with the respective partners for various purposes, including ad serving, reporting, and optimization. This data sharing is conducted in compliance with applicable data protection laws, ensuring that user privacy is maintained throughout the process.
• Privacy considerations: When interacting with these technologies, users are subject to the privacy policies of the respective clients or third parties. We encourage our partners to maintain transparent privacy practices and provide clear opt-out mechanisms for users. It is important to understand that Users should review the privacy policies of these partners to understand how their data may be used and what rights they have regarding their information.

7. Data Sharing

Adorphic may share certain Personal Data with Third-Party partners to enhance advertising capabilities, which may include:

• Adorphic UUID: A unique identifier for users that helps in tracking interactions across platforms.
• Device ID: Identifiers specific to the user’s device, aiding in personalized advertising.
• Cookie ID: Identifiers stored in user browsers that track user behavior and preferences.
• IP Address: The user’s internet protocol address, which can provide information about their location.
• Content Viewing Behavior and Ad Interaction Data: Information on how users interact with ads and content across platforms.

The purposes of sharing this data may include the following:

• Cookie Syncing: To create a unified user profile across different platforms and partners, enhancing the accuracy of targeted advertising.
• Technical Requirements: For seamless integration and functionality of our advertising technology, ensuring a smooth user experience.
• Enhanced Targeting: To improve the relevance of advertisements shown to users, thereby increasing engagement and satisfaction.

Adorphic may share data with several types of partners in the advertising ecosystem:

• Supply Side Platforms (SSPs): These automate the selling of ad inventory, matching it with appropriate advertisers while ensuring compliance with privacy regulations.
• Data Management Platforms (DMPs): They store and analyze cookie and mobile advertising ID data to create detailed audience segments, allowing for more effective targeting.
• Ad Exchanges: These facilitate the buying and selling of ad inventory from multiple networks, matching ad requests with available inventory in real-time.
• Ad Networks: They aggregate ad inventory from various publishers and match it with advertiser demands to deliver targeted ads across a network of sites.

Important Note: While we strive to protect user privacy, third parties may potentially identify individuals by combining our disclosed information with other data sources they possess. While we take steps to minimize this risk, users should be aware of this possibility and understand their rights regarding their personal data.

Adorphic encourages users to review the privacy policies of Adorphic Third-Party partners to understand their data practices and to utilize available tools for managing their privacy preferences.

8. Social Network Sharing Features

Adorphic utilizes communication tools to share links with social networks. When you interact with features such as social media widgets or “share” buttons, the provider of these features may collect your IP address, the page you are visiting on our site, and may place cookies when you connect to their services. Your interactions with these features are subject to the privacy policy of the respective provider.

For more information on the cookies used by these websites, please refer to their specific privacy statements listed below:

• Google Privacy Policy: https://www.google.com/intl/en/policies/privacy/
• LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy
• Twitter Privacy Policy: https://twitter.com/privacy

9. International Data Transfers

As a global company, Adorphic may transfer personal data to countries outside of the European Economic Area (EEA). Such transfers will only take place using appropriate safeguards in line with applicable data protection laws such as:

• Adequacy decisions: Transferring data to countries deemed as providing adequate protection by the European Commission, such as transfers to Switzerland based on its adequacy status.
• Standard Contractual Clauses (SCCs): Using European Commission-approved SCCs to contractually obligate recipients to protect personal data in line with European General Data Protection Regulation (GDPR) standards.
• Derogations: In limited circumstances, Adorphic may rely on explicit consent from individuals or other applicable derogations under the applicable data protection law, GDPR, for data transfers.

By engaging with Adorphic's services, you acknowledge and expressly consent to the potential for your personal data to be transferred internationally in accordance with these safeguards.

10. Data Processing Methods

Adorphic employs state-of-the-art electronic tools and methodologies to process data securely and in compliance with applicable Data Protection Laws:

• Anonymization and pseudonymization: Adorphic uses randomized, anonymized user identification strings and salt and hash IP addresses to prevent direct identification of individuals.
• Data collection and storage: Adorphic's automated data collection via cookies, pixel tags, and similar technologies is stored in secure, encrypted systems protected by multi-layered access controls.
• Third-party data processing: Adorphic carefully selects and vets third-party data processing services, ensuring they maintain compliance with our stringent data protection standards through clear agreements.
• User control and transparency: Adorphic has integrated with Consent Management Platforms on participating Third-Party Partner publisher websites and adheres to the IAB Europe Transparency & Consent Framework where applicable.
• Compliance and security measures: Adorphic conducts regular audits of our data processing activities, provides continuous staff training, and has implemented a comprehensive Information Security Management System (ISMS) with clear incident response procedures.
• Continuous improvement: Adorphic regularly reviews and updates our practices, monitoring technological advancements and regulatory changes, and participates in industry working groups to stay at the forefront of privacy-enhancing technologies.

Adorphic conducts Data Protection Impact Assessments for processing activities likely to result in a high risk to individuals’ rights and freedoms, such as large-scale processing of special categories of data or systematic monitoring of public spaces. DPIAs are used to identify and mitigate data protection risks in line with the GDPR’s risk-based approach.

11. Data Security

11.1. Security Measures

Adorphic employs robust security measures to protect the personal data we process. This includes:

• Encryption: Adorphic uses encryption, which is a method of converting data into a secure format that can only be read by someone with the correct key. This is done both when data is being sent over the internet (in transit) and when it is stored (at rest). Adorphic uses industry-standard encryption protocols to ensure that your information remains confidential and secure from unauthorized access.
• Access Controls: Adorphic maintains strict access controls based on the principle of least privilege. This means that only authorized personnel can access personal data necessary for their specific job functions. This helps minimize the risk of unauthorized access to sensitive information.
• Monitoring: Adorphic regularly monitors our systems for potential vulnerabilities.
• Staff Training: We provide mandatory annual training and regular awareness campaigns to educate all staff on data protection best practices. This ensures that everyone in our organization understands their role in safeguarding user information.

11.2. Data Breach Notification

In the unlikely event of a confirmed data breach involving personal data, we have procedures in place to promptly notify affected individuals and relevant authorities. This includes:

• Notification Timeline: Adorphic will notify affected individuals and supervisory authorities without undue delay and no later than 72 hours after becoming aware of the breach.
• Notification Content: As far as possible, the notification will describe the nature of the breach, the likely consequences of the breach, and the measures we are taking to address the situation and mitigate potential harm.
• Notification Methods: Depending on the circumstances, Adorphic may notify affected individuals via email, postal mail, or prominent website notice. Adorphic will also notify the appropriate supervisory authority through official channels.

12. Children

The services of Adorphic are not intended for use by individuals under 16 years of age. We do not knowingly collect or process personal data from children under 16. In the event we discover that we have inadvertently collected Personal Data from a child under 16, we will promptly delete such data from our systems. If you believe we might have any data from or about a child under 16, please contact us immediately at privacy@Adorphic.com.

Adorphic requires its Third-Party publishing and advertising partners to contractually commit not to use our technology on pages targeting individuals under 16. For any processing based on consent for information society services potentially accessed by children, Adorphic adheres to the age of consent requirements specified in applicable Data Protection Laws.

13. Your Rights as a Data Subject

13.1. General Data Protection Regulation (GDPR)

If you are a citizen from the “European Territories,” meaning the European Economic Area (EEA) and Switzerland, under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights:

• Right of Confirmation and Access: You can request confirmation of whether Adorphic is processing your personal data and access that data. This includes information about processing purposes, data categories, recipients, storage period, data source, and the existence of automated decision-making.
• Right to Rectification: You can request correction of inaccurate personal data or completion of incomplete data without undue delay.
• Right to Erasure (“Right to be Forgotten”): In certain circumstances, you can request deletion of your personal data, such as when the data is no longer necessary for the original purpose or when you withdraw consent.
• Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, or have it transferred directly to another controller where technically feasible.  
• Right to Withdraw Consent: You can withdraw your consent for data processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal.  
• Right to Object: You can object to the processing of your personal data, particularly for direct marketing purposes or when processing is based on our legitimate interests. If you object to processing for direct marketing, we will no longer process your data for these purposes.  
• Right to Object to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, which significantly affects you, unless necessary for a contract, authorized by law, or based on your explicit consent.  
• Right to Restriction of Processing: You can request the restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.  

13.2. California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and applicable data protection laws:

• Right to Know and Access: You can request information about the personal data that Adorphic has collected in the past 12 months, including the categories of data, purposes for collection, and third parties with whom Adorphic has shared it.
• Right to Delete: You can request Adorphic to delete the personal information collected from you, subject to certain exceptions.
• Right to Opt-Out of Sales: If Adorphic sells your personal information, you have the right to opt-out of such sales.
• Right to Non-Discrimination: You have the right to exercise your CCPA rights free from discrimination.
• Right to Use an Authorized Agent: You can designate an authorized agent to make a request under the CCPA on your behalf.

13.3. Exercising Your Rights

To exercise any of these rights, please contact Adorphic at privacy@Adorphic.com.

Adorphic will respond to your request promptly, typically within one month.

Please note that while Adorphic respects your rights, Adorphic may need to retain certain information for legal or operational purposes. Adorphic will inform you about any limitations on your request and the reasons for such limitations.

For users in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority (Privacy Guarantor) if you believe that Adorphic has not complied with applicable data protection laws.

Adorphic processes personal data in accordance with the IAB Europe Transparency & Consent Framework where applicable. You can update your privacy preferences, including consent for Adorphic's processing operations, via the Consent Management Platform on participating publisher websites at any time.

14. Data Storage

Adorphic will process and store personal data only for the time necessary to fulfill the purpose for which it was collected or as required by law. Adorphic will retain data only for as long as needed to achieve the purposes outlined in our Privacy Policy, or if legally required for archiving or contractual purposes.

Retention periods are determined based on the type of data, the context of collection, and applicable legal or operational requirements. If the storage purpose is no longer applicable, or if a prescribed storage period expires, the personal data are routinely blocked or erased in accordance with legal requirements. In the event of consent revocation or if data retention is no longer justified based on principles of necessity, proportionality, adequacy, and relevance, the Data Controller will promptly proceed with data deletion or anonymization.  

For data processed on behalf of Publishers, Adorphic will retain such data in accordance with Publishers’ instructions or the terms of the relevant Publisher agreement.

15. Changes or Updates

Adorphic may modify this Privacy Policy to reflect changes in our practices, services, or applicable laws and regulations. Any material changes will be communicated to you through a notice on our website and, where possible, via email, prior to the changes taking effect.

We encourage you to review this Privacy Policy periodically. The date of the latest revision will be clearly indicated at the top of the page. Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the updated terms, you should discontinue your use of our services and contact us to delete your account.   

‍