Platform Privacy Policy

Version Date: 12 May 2025

This Platform Privacy Policy (“Platform Privacy Policy”/ “Policy”) describes how Aceex Sp. z o.o., registered at Domaniewska Street, #133 17-19, 02-672, Warsaw, Poland (“we”, “us”, or “our”, “Aceex”) collects, uses, and shares (collectively, processes) your personal data as a digital advertising marketplace - Aceex AdExchange Platform.

This Policy does not describe how we process your personal information relating to our website or in the course of business contacts with you as a representative of a business entity willing to cooperate with Aceex or being our existing partner. For information on how we process personal data relating to our website or during business contacts with you, please read our Website Privacy Notice.

None of the data we collect or share about you via our AdExchange Platform is connected to your clear-text name, contact information, or other information that could directly identify you as an individual. But it is connected to the cookies and other persistent identifiers affiliated with your unique online activity. So, while we (and the clients who use Aceex AdExchange Platform) may know about your device ABC123 and use it to serve that device ads as described below, we don’t know that device a person with your name uses ABC123.

About Us

Aceex Exchange Platform is a global digital advertising marketplace. Aceex’s partners enable our advertisement exchange platform services by placing bid requests and accepting such requests (executing bid responses). Our technology helps our partners deliver advertising to you in real time. Aceex Exchange Platform hosts digital auctions that help our clients buy and sell online ads (collectively, our Services). These ads can be found on websites, mobile applications (Apps), or video programming services, such as streaming apps on Smart TVs (collectively, “Digital Properties”).

As with any ad exchange platform, we act as an intermediary between buyers and sellers of ad space. Throughout this Policy, we refer to our partners that sell ad space, representing publishers, as SSPs (Supplier-Side Platforms). SSPs act as additional intermediaries in the digital advertising supply chain that operate publishers’ Digital Properties that you use or visit. A publisher is an individual or company that owns a Digital Property with an audience, including apps or websites. We refer to partners that buy ad space, representing advertisers, for placing their advertisement content, as DSPs (Demand-Side Platforms). DSPs act as additional intermediaries in the digital advertising supply chain that connect advertisers to the Aceex Exchange Platform to serve relevant ads to you on the publishers’ Digital Properties you visit. DSPs liaise with advertisers (for example, brands), advertising agencies, and ad networks. In summary, Aceex AdExchange Platform, SSPs and DSPs, and other ad exchanges act as intermediaries that connect advertisers with ad publishers to deliver relevant digital ads to you.

Personal Data we collect, use, and share (Process). Retention period

Aceex processes your personal data to provide our Services if SSPs and DSPs, or other ad exchange platforms (collectively, our Partners) permit us to do so. Below are the main types of personal data we process on the Aceex Exchange Platform. Our Partners predominantly determine the information we receive in bid requests and bid responses processed through the Aceex Exchange Platform.

In the process of our ad exchange operation, we may either process or transmit certain personal data. This data typically includes: device ID (IFA), IP address, country, region /state inside one country, city, zip code, lat/lon, carrier (mobile operator), user agent (browser), operation system, device type (TV, mobile, laptop, tablet), device manufacturer, device model, device version, connection type, device language, user (platform) ID, privacy choices (consents).

For instance:

Browser and Device Information: information about the type and version of your browser, user agent, device type (for example, laptop, mobile, TV), device model, mobile carrier, connection type, model, language, and operating system.

Digital Identifiers (Digital IDs): We process unique identifiers associated with the digital properties you use or with your account ID on some platforms. Digital Identifiers include:

  • cookie IDs: unique user identifiers assigned to cookies (small text files stored on your web browser when you visit a website);
  • device advertising IDs: unique user identifiers used for advertising purposes on various devices, including mobile devices, Connected TV (CTV) devices, and others.

Location Data: IP address, non-precise geolocation information such as city, country, zip code/postal code, and/or latitude and longitude data. We may employ precise geolocation information in the form of latitude and longitude beyond two decimal points.

Impression Data: data about your interaction with advertisements, like whether you clicked on the ad or not, the country where you opened the ad, the application in which you opened the ad, and at what time you clicked on the advertisement.

Privacy choices: your consent data according to GDPR, opt-outs according to US privacy laws, browser-based choices (GPC), device-based choices (Dnt, Lmt, Atts).

Retention period. Browser and Device Data, Location Data, Digital identities, and Privacy choices are processed by us in a real-time manner and are not stored. Specific tracking delivery cookies formed by Aceex at the moment of showing ads to you are created and stored on your device for 14 days (IP address and User agent (browser)). We store other Impression Data for 5 years. We may also create and retain anonymized information, and continue to use this information in accordance with this Policy. Without this data, we will not be able to operate our technology.

As you read our Privacy Policy, please also remember that the advertisement publishers and advertising partners you interact with as you engage online and in the real world have their privacy policies that govern how they collect and use your data, including when they may share your data with advertising partners like us. These policies and practices may differ from what you read in our Privacy Policy. To fully understand how your data is being collected, used, and shared, you should always carefully read the privacy policy of any website you access, any app you use, and any social network page through which you share information.

Purposes and Legal Bases for Processing Personal Data

We process your personal data to provide our Services when it is permitted by law and supported by a valid legal justification (legal basis). We rely on the Legal Basis of consent for the following processing activities:

  • Deliver and present advertising and content: selection and delivery of an ad based on real-time data (e.g., information about app type, non-precise geolocation data, precise geolocation data to select and deliver an ad in the moment, without storing it).
  • Ad reporting: to verify that an ad was delivered to you with accuracy.
  • Cookie syncing: to match your cookie IDs to provide more effective delivery of relevant ads to you. Cookie syncing enables the sharing and use of personal data between SSPs and DSPs/Ad Exchanges that are involved in buying and selling digital ad space.
  • Impression counting and frequency capping: to count the number of times ads are displayed against a Digital ID and to limit the number of times an ad is seen. For this type of processing, we use statistical pixels added to the advertisement.

We rely on the legal basis of legitimate interest for the following processing activities:

  • Invalid traffic detection: to prevent fraud, malware, and other unacceptable behavior. For these types of processing, we use analytical pixels of our vendors (for example, Pixalate). Aceex relies on legitimate interest to ensure the security of our digital advertising processes. This includes implementing measures to prevent and detect fraudulent activities that could compromise user data and our advertising integrity. By monitoring for unusual patterns and behaviors, we can identify potential security threats and take appropriate action to mitigate risks.
  • Deliver advertising: to receive and respond to an ad request or a user’s interaction with an ad, to deliver ad files to an IP address or to send the user to a landing page; and to log that an ad was delivered, without recording any personal data about the user. For this purpose, we use certain information (like an IP address) to facilitate the transmission of the ad to the user’s device.
  • Reading your privacy choices: to view and enforce your opt-out choices, and honor your privacy choices/rights. We utilize legitimate interest to save and communicate users’ privacy choices regarding data processing preferences. This ensures that users are informed about how their data is used while allowing us to respect their choices effectively.

We will rely on the legal basis of legal obligations for the following processing activity:

  • Privacy Obligations: to enforce data protection audits or requests made by our Partners that share the data with us, or to fulfill the order of data protection authorities. For this purpose, we may share Impression Data.
Sharing Personal Data

We may disclose or share (collectively, share) your personal data with the following partners to deliver ads to you:

SSPs and DSPs: We share your personal data with our Partners to deliver ads to you. Each Partner processes Personal Data under its privacy policies and the privacy policies of direct advertisers.

Vendors and service providers: our third-party vendors help us provide our Platform Services. Please note that for the ads we help deliver, pixels are used, enabling third parties to Process Personal Data for purposes such as measuring ad performance or preventing fraud.

Our vendors include:

HQ Host by ALLUS Online Corp (affiliate of IPIPE International Corp.), a data hosting provider in the USA. Address: 100 Delawanna Ave, Clifton, NJ 07014, USA. HQ Host’s Privacy Policy.

Serverel by Serverel Inc., a data hosting provider in the EU. Address: 1111 West El Camino Real, STE 133-150, Sunnyvale, CA 94087, USA. Serverel’s Privacy Policy.

Melbicom by Melbikomas UAB, a data hosting provider in Singapore. Address: Svitrigailos str. 11B, LT 03228 Vilnius, Republic of Lithuania. Melbicom’s Privacy Policy.

MaxMind by MaxMind Inc., geolocation enrichment service. Address: 51 Pleasant Street #1020, Malden, MA 02148, USA. MaxMind’s Privacy Policy.

Pixalate by Pixalate, Inc., advertising fraud prevention, invalid traffic (“IVT”) detection, and data intelligence service. Address: 1775 Greensboro Station Place, McLean, VA 22102, USA. Pixalate’s Privacy Policy.

Your Rights

You have the following rights regarding your personal data:

  1. Right of access
  2. Right to rectification
  3. Right to erasure
  4. Right to restrict processing
  5. Right to data portability
  6. Right to object
  7. Where processing is based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. By using the device-based “opt-out” signals described in Section “How to Opt Out of Ads” Section below, you may withdraw consent for processing on which we rely on consent.. We receive them from SSPs or DSPs we work with.
  8. The right to lodge a complaint with a supervisory authority.
  9. The existence of any automated decision-making processes that will be applied to the data, including profiling, and meaningful information about how decisions are made, the significance, and the consequences of processing.
How to Opt Out of Ads

If you want to be excluded from advertising, you can always do so by opting out of further data processing for purposes of delivering ads to you. Steps to opt out of advertising:

  • Cookie Consent Banners: When visiting websites, pay attention to cookie consent banners. You can usually reject non-essential cookies that are used for advertising purposes.
  • Identify the Source: Determine which organization or platform sends you advertisements or processes your data. This could be a specific website or app.
  • Review Privacy Policies: Check the privacy policies of services you use to understand how they handle data and what options you have for opting out.
  • Use Privacy Settings: manage your consent preferences at platforms/apps in the website section "Privacy Dashboard" - look there for options to opt out of personalized advertising or data processing.
  • Browser Settings: Adjust your browser settings to block third-party cookies (“Settings” → “Privacy and security” → “Ad privacy”/ “Third-party cookies” → “Send a "Do Not Track" request with your browsing traffic”) or use incognito mode to limit tracking while browsing.

As an option, you can use Global Privacy Control (GPC): it is a privacy feature that allows you, as an internet user, to easily communicate your privacy preferences to websites you visit. It's essentially a browser setting or extension that automatically tells websites not to sell or share your personal information. Here's how it works for you: 1) you enable GPC in your browser or install a GPC-compatible extension, 2) when you visit a website, your browser automatically sends a GPC signal to that site, the website receives this signal and, if it supports GPC, adjusts its data handling practices accordingly. GPC is supported by several popular browsers like Firefox, Brave, Chrome, Edge, and DuckDuckGo. If your preferred browser doesn't have built-in GPC support, you can often add it through a browser extension. It's important to note that while GPC is a powerful tool for protecting your privacy, its effectiveness depends on websites recognizing and honoring the signal. Depending on where you live, the GPC flag will exercise your legal right to opt out. For example, if you live in California or Colorado, many sites are legally bound to respect your GPC signal by not selling your data.

Controls for do-not-track-features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. The same exists in mobile phones as LMT (“Limit Ad Tracking”) or ATTS (App Tracking Transparency, used in Apple’s opt-in privacy framework) signals. At this stage, no uniform technology standard for recognising and implementing all these signals has been finalised. You may use this setting mechanism to communicate your choice not to be tracked online automatically. A request will be included with your browsing traffic. Any effect depends on whether a Digital Property responds to the request and how the request is interpreted. For example, some Digital Properties may respond to this request by showing you ads that aren't based on other Digital Properties you've visited. Many Digital Properties will still collect and use your browsing data - for example, to improve security, to provide content, services, ads, and recommendations on their Digital Properties, and to generate reporting statistics.

Please note that by deleting cookies or disabling future cookies, you may be unable to access certain areas or features of websites, apps, etc. To find out how to manage cookies in your browser, please visit one of the links below:

International Transfers of Personal Data

Aceex is an EU company with vendors in the USA, Europe, Singapore, Ukraine, and other non-EU countries. To provide our Services, we may transfer your personal data internationally to our vendors or through any international data center locations.

When we transfer personal data outside the European Economic Area, the UK, or Switzerland, we ensure that appropriate legal protections are in place. These protections may include a transfer mechanism such as the Standard Contractual Clauses approved by the European Commission, adequacy decisions or binding corporate rules.

Automated decisions (profiling)

We do not employ automated decision-making (automated profiling) to automatically assess aspects of your personality for processing your personal data in our services, facilitating and intermediating the advertisement.

Changes to this Policy

We may update this Policy from time to time to accommodate new technologies, industry practices, regulatory requirements or for other purposes. The date at the top of this Policy reflects the most recent changes made. We encourage you to review this Policy for the latest information on our privacy practices and to contact us if you have any questions or concerns.

Our Contacts

If you have any questions, concerns, requests or complaints about the above or our privacy practices, please contact us by email at privacy [at] aceex.io or by post at ul. Domaniewska, #133 17-19, 02-672, Warsaw, Poland.

If you have questions about data that is used primarily by a Digital Property on which our technology is embedded, or companies that serve ads that use our technology, you should contact those companies regarding questions about the personal data they handle and control.

EU: TCF (IAB Europe Transparency and Consent Framework)

Aceex participates in the IAB Europe Transparency & Consent Framework as a Vendor and complies with its Specifications and Policies. Aceex’s Vendor ID within the framework is 1387.

USA: GPP (The IAB’s Global Privacy Platform)

Aceex is a signatory of the IAB Tech Lab’s Multi-State Privacy Agreement (MSPA), an industry contractual framework intended to aid advertisers, publishers, agencies, and ad tech intermediaries in complying with the US states privacy laws, and supports the US National String made available by IAB Tech Lab.

Previous versions:

(“Platform Privacy Policy as of 31.01.2025”)

(“Platform Privacy Policy as of 14.02.2025”)