Platform Privacy Policy

Version Date: 31 January 2025

This Platform Privacy Policy (“Platform Privacy Policy”/ “Policy”) describes how Aceex Sp. z o.o., registered at Domaniewska Street, #133 17-19, 02-672, Warsaw, Poland (“we”, “us”, or “our”, “Aceex”) collects, uses, and shares (collectively, processes) your Personal Data as a digital advertising marketplace - Aceex AdExchange Platform.

This Policy does not describe how we process your personal information relating to our website. For information on how we process personal data relating to our website, please, read our Website Privacy Notice.

None of the data we collect or share about you via our AdExchange Platform is connected to your clear-text name, contact information, or other information that could directly identify you as an individual. But, it is connected to the cookies and other persistent identifiers affiliated with your unique online activity. So, while we (and the clients who use Aceex AdExchange Platform) may know about your device ABC123 and use it to serve that device ads as described above, we don’t know that device a person with your name uses ABC123. At the same time, Aceex AdExchange Platform doesn’t support “targeted” or “cross-context behavioral”, or “interests-based” advertisement delivery.

About Us

Aceex Exchange Platform is a global digital advertising marketplace. Aceex’s clients enable our advertisement exchange platform services by placing bid requests and accepting such requests (executing bid response). Our technology helps our clients deliver advertising to you. Aceex Exchange Platform hosts digital auctions that help our clients buy and sell online ads (collectively, our Services). These ads can be found on websites, mobile applications (Apps), or video programming services, such as streaming apps on Smart TVs (collectively, “Digital Properties”).

As with any ad exchange platform, we act as an intermediary between buyers and sellers. Throughout this Policy, we refer to our clients that sell ad space, representing publishers, as SSPs (Supplier-Side Platforms). SSPs operate publishers’ Digital Properties that you use or visit. A publisher is an individual or company that owns a Digital Property with an audience, including apps or websites.

We refer to clients that buy ad space, representing advertisers, as DSPs (Demand-Side Platforms). DSPs act as additional intermediaries in the digital advertising supply chain that connect advertisers to the Aceex Exchange Platform to serve relevant ads to you on the publishers’ Digital Properties you visit. DSPs liaise with advertisers (for example, brands), advertising agencies, and ad networks. In summary, Aceex AdExchange Platform, SSPs and DSPs and other ad exchanges act as intermediaries that connect advertisers with ad publishers to deliver relevant digital ads to you.

Personal Data we collect, use and share (Process). Retention period

Aceex Processes your Personal Data to provide our Services if SSPs and DSPs, or other ad exchange platforms (collectively, our Clients) permit us to do so. Below are the main types of Personal Data we process on the Aceex Exchange Platform. Our Clients predominantly determine the information we receive in bid requests and bid responses processed through Aceex Exchange Platform.

In the course of our ad exchange operation, we may either process or transmit certain personal data. This data typically includes: device ID (IFA), IP address, country, region /state inside one country, city, zip code, lat/lon, carrier (mobile operator), user agent (browser), operation system, LMT= Limit ad Tracking, DNT = Do not track, device type (TV, mobile, laptop, tablet), device manufacturer, device model, device version, connection type, user (platform) ID.

For instance:

Browser and Device Information: information about the type and version of your browser, user agent, device type (for example, laptop, mobile, TV), device model, (mobile) carrier, connection type, model, and operating system.

Digital Identifiers (Digital IDs): we process unique identifiers that are associated with the digital properties you are using or with your account ID on some platform. Digital Identifiers include:

  • cookie IDs: unique user identifiers assigned to cookies (small text files stored on your web browser when you visit a website);
  • device advertising IDs: unique user identifiers used for advertising purposes on various devices, including mobile devices, Connected TV (CTV) devices, and others.

Location Data: IP address, non-precise geolocation information such as city, country, zip code/postal code, and/or latitude and longitude data. SSP may provide us with precise geolocation information in the form of means latitude and longitude beyond two decimal points.

Impression Data: data about your interaction with advertisements, like whether you clicked on the ad or not, the country where you opened the ad, the application in which you opened the ad, and at what time you clicked on the advertisement.

Privacy choices: user’s consent data according to GDPR, application of COPPA/CCPA regulation to user’s data (LMT= Limit ad Tracking, DNT = Do not track).

Retention period. Browser and Device Data, Location Data, Digital identities, and Privacy choices are processed by us in a real-time manner and are not stored. Specific cookies formed by Aceex at the moment of showing ad to you are created and stored at your device for 14 days. We store Impression Data for 5 years. We may also create and retain anonymized information, and continue to use this information in accordance with this Policy.

Please note that without this data we will not be able to operate our technology.

As you read our Privacy Policy, please also remember that the advertisement publishers and advertising partners you interact with as you engage online and in the real world have their own privacy policies that govern how they collect and use your data, including when they may share your data with advertising partners like us. These policies and practices may differ from what you read in our Privacy Policy. To fully understand how your data is being collected, used, and shared, you should always carefully read the privacy policy of any website you access, any app you use, and any social network page through which you share information.

Purposes and Legal Bases for Processing Personal Data

We Process your Personal Data to provide our Services when it is permitted by law and supported by a valid legal justification (Legal Basis). We rely on the Legal Basis of consent for the following Processing activities:

  • Deliver and present advertising and content: selection and delivery of an ad based on real-time data (e.g., information about app type, non-precise geolocation data, precise geolocation data to select and deliver an ad in the moment, without storing it).
  • Ad reporting: to verify an ad was delivered to you with accuracy.
  • Cookie syncing: to match your cookie IDs to provide more effective delivery of relevant ads to you. Cookie syncing enables the sharing and use of Personal Data between SSPs and DSPs/Ad Exchanges that are involved in buying and selling digital ad space.
  • Impression counting and frequency capping: to count the number of times ads are displayed against a Digital ID and to limit the number of times an ad is seen. For this type of processing, we use statistical pixels added to the advertisement.

We rely on the Legal Basis of legitimate interest for the following Processing activities:

  • Invalid traffic detection: to prevent fraud, malware, and other unacceptable behavior. For these types of processing, we use analytical pixels of our vendors (for example, Pixalate). Aceex relies on legitimate interest to ensure the security of our digital advertising processes. This includes implementing measures to prevent and detect fraudulent activities that could compromise user data and our advertising integrity. By monitoring for unusual patterns and behaviors, we can identify potential security threats and take appropriate action to mitigate risks.
  • Deliver advertising: to receive and respond to an ad request or a user’s interaction with an ad, to deliver ad files to an IP address or to send the user to a landing page; and to log that an ad was delivered, without recording any personal data about the user. For this purpose, we use certain information (like an IP address) to facilitate the transmission of the ad to the user’s device.
  • Reading your privacy choices: to view and enforce your opt-out choices, and honor your privacy choices/rights. We utilize legitimate interest to save and communicate users’ privacy choices regarding data processing preferences. This ensures that users are informed about how their data is used while allowing us to respect their choices effectively.

We will rely on the Legal Basis of legal obligations for the following Processing activity:

  • Privacy Obligations: to enforce data protection audits or requests made by our Clients that share the data with us or to fulfill the order of data protection authorities. For this purpose, we may share Impression Data.
Sharing Personal Data

We may disclose or share (collectively, Share) your Personal Data with the following partners to deliver ads to you:

SSPs and DSPs: we share your Personal Data with our Clients to deliver ads to you. Each Client processes Personal Data in accordance with its own privacy policies and the privacy policies of end advertisers.

Vendors and service providers: our third-party vendors help us provide our Platform Services. Please note that for the ads we help deliver, pixels are used, enabling third parties to Process Personal Data for purposes such as measuring ad performance or preventing fraud.

Our vendors include:

HQ Host by IPIPE International Corp., a data hosting provider in the USA. Address: 100 Delawanna Ave, Clifton, NJ 07014, USA. HQ Host’s Privacy Policy.

Serverel by Serverel Inc., a data hosting provider in the EU. Address: 1111 West El Camino Real, STE 133-150, Sunnyvale, CA 94087, USA. Serverel’s Privacy Policy.

Melbicom by Melbikomas UAB, a data hosting provider in Singapore. Address: Svitrigailos str. 11B, LT 03228 Vilnius, Republic of Lithuania. Melbicom’s Privacy Policy.

MaxMind by MaxMinc Inc., geolocation enrichment service. Address: 51 Pleasant Street #1020, Malden, MA 02148, USA. MaxMind’s Privacy Policy.

Pixalate by Pixalate, Inc., advertising fraud prevention, invalid traffic (“IVT”) detection, and data intelligence service. Address: 1775 Greensboro Station Place, McLean, VA 22102, USA. Pixalate’s Privacy Policy.

International Transfers of Personal Data

Aceex is an EU company with vendors in the USA, Europe, Singapore, Ukraine, and other non-EU countries. To provide our Services, we may transfer your Personal Data internationally to our vendors, or through any international data center locations.

When we transfer Personal Data outside the European Economic Area, UK, or Switzerland, we ensure that appropriate legal protections are in place. These protections may include a transfer mechanism such as the Standard Contractual Clauses approved by the European Commission, adequacy decisions, or binding corporate rules.

Changes to this Policy

We may update this Policy from time to time to accommodate new technologies, industry practices, regulatory requirements or for other purposes. The date at the top of this Policy reflects the most recent changes made. We encourage you to review this Policy for the latest information on our privacy practices and to contact us if you have any questions or concerns.

Our Contacts

If you have any questions, concerns, or complaints about the above or our privacy practices, please contact us by email at privacy@aceex.io or by post at ul. Domaniewska, #133 17-19, 02-672, Warsaw, Poland.

TCF.

Aceex participates in the IAB Europe Transparency & Consent Framework as a Vendor and complies with its Specifications and Policies. Aceex’s identification number within the framework is "Vendor ID to be indicated".