OnHolland – Privacy and Data Protection Statement
Aiming to comply with the transparency and information requirement set in articles 13 and 14 of the GDPR set out in the EU regulation 2016/679 (GDPR), OnHolland has set up privacy & data protection statements. These are to inform you of how we collect and use certain information concerning Internet and users, in the course of our mobile advertising services.
Table of contents
1. • Who is OnHolland
2. • What is our business
3. • What categories of data we process or collect
4. • How we process data
5. • What categories of data we do not process or collect
6. • What do we use this data for
7. • Processing data in aggregate
8. • Retaining data
9. • Sharing
10. • Legal basis for our data processing
11. • Exercise your rights
12. • Changes in this policy
Who is OnHolland OnHolland is a Dutch l company operating, with an office in The Netherlands, 35C Louise De Colignystraat, 1055 XN in Amsterdam, and is registered at Kamer Van Koophandel 75151391.
What is our business OnHolland utilizes platforms that power advertisements that can appear on web sites and applications on your mobile devices. Through our doing, you may interact directly with our platforms’ servers (for example when you click on an ad) or indirectly through the mobile website or application that is displaying the ads. We are working with a selection of platforms: DSP’s, data vendors, location services, which we can share with you upon request.
What categories of data we process
When you visit a website or use an application that uses one of our platforms’ technologies, certain information about you and your device will be collected for the purpose of serving advertisements to you.
Some of this information (including for example your IP addresses and certain unique device identifiers), may identify a particular computer or device, and may be considered personal data in some jurisdictions, such as the European Union.
The following information that may be regarded as personal data will be processed:
• • IP address,
• • Device identifiers such as cookie identifiers and unique device identifiers,
• • Data concerning the displaying of the advertising, such as date/time of viewing, and the website or application where the advertisement was displayed,
• • Certain data concerning your activities and actions on the advertiser sites, in case you click on the advertising
• • Geolocation (including city, region, country, zip code, and potentially geographic coordinates if you have enabled location services on your device).
How data is collected and/or processed
Practically all of the data is not directly collected by OnHolland, but collected and transferred to our platforms’ through their third party suppliers within the online advertising supply chain, such as real time bidding markets. Where applicable and required, such parties have obtained consent or written agreement from the relevant data subjects, in order to transfer their data to our platforms’. OnHolland, in turn is processing this data through the platforms to deliver mobile advertising campaigns to clients.
Our platforms work with the following real time bidding markets:
• • AdColony
• • AdYouLike
• • AppNexus
• • Avocarrot (Glispa Connect)
• • Axonix
• • Bee7
• • Cheetah
• • Daily Motion
• • DoubleClick
• • Flurry
• • Fyber
• • Gameloft
• • Glispa
• • GoogleAdx
• • ImproveDigital
• • Inneractive
• • Ligatus
• • LiveRail
• • MADS
• • Mars Media Group
• • Max
• • MobFox
• • Mobilda
• • MoPub
• • One by AOL
• • OpenX
• • Pubmatic
• • Rubicon
• • Smaato
• • SmartAdServer
• • StickyAds
• • SpotX
• • TapIt
• • TappX
• • TapSense
• • Teads
• • Vungle
• “Tags and Pixels” are blocks of code that our platforms and our customers may use to track your navigation of websites or apps using our technology, and your browsing behaviour. Our platforms use pixels to synchronize information that they have collected with information independently collected by our suppliers, clients, and other third parties that are interested in providing you with ads.
• “SDKs” or “Software Development Kits” are blocks of code similar to tags and pixels that are embedded into an app that allow us to track certain information relating to your use of apps using our technology.
• Our platforms also use standard device identifiers, for example the “IDFA” advertising identifier used on Apple’s iOS devices, to track your use of mobile apps.
• Additionally, we use other technologies, including locally stored objects, to collect User Information in order to assist with the delivery of ads and to provide reporting to our customers.
Third Party Service Providers we work with: AdSquare (adsquare.com), a mobile data exchange who can work as a Data Provider for our customers. Tamoco (tamo.co), a mobile data exchange who can work as a Data provider for our customers. However, when we use third party service providers, we disclose only the Personal Information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for any other purposes. Please be reassured that we will not release your information to third parties beyond the Ads serving process we’ve described, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
What categories of data will not be collected or processed
We do not collect nor process the following categories of data:
• • Data that might be regarded as sensitive under Article 9 GDPR, that is information concerning your race, sexual orientation, political affiliation or religious beliefs, among others.
• • Data that might be used for the purpose of online behavioural advertising, that is data concerning your Internet navigation over time, and that might be used in order to infer your personal interests.
What this data is used for
We use the categories of data mentioned above primarily in order to deliver to you targeted advertising we believe will be of particular interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at
In particular, we can divide all the potential processing of the data in three different categories:
1. (1) Buying advertising slots and managing campaigns. By using device identifiers and contextual data such as geolocation, visited website, and date and hour of visit, we can deliver advertisement specifically to your phone. Managing advertising campaigns also means that we use your data for ancillary activities, such as enabling standard advertising controls, and to protect and investigate fraudulent or illegal activity.
2. (2) Monitoring campaign performance. By using our platforms’device and cookie identifiers, we can track whether users that click on or simply see the advertisement we manage actually visit the website of our clients, and whether they actually buy or subscribe to any product or service.
3. (3) Retargeting and segmenting. At the request of our clients, we might create lists of devices that we want to target in our campaigns, because they have previously carried certain activities, such as visiting our client’s website. In doing so, we segment Internet users into different audiences that can be targeted separately. In such operations, Smadex doesn’t act as data controller, but as data processor.
We do not carry out automated decision-making processes, as described in Article 22 GDPR.
Processing data in aggregate In addition to all the uses detailed above, we process user data derived from our platforms as an aggregate, anonymous and non-individual level, in order to (1) operate and improve our technology, (2) conduct research and development, (3) report on campaign performance with our clients, and (4) carry out campaign forecasting. Data processed in aggregate is not regarded as personal data, as it does not relate to any particular identified or identifiable person.
Retaining data We may store the information we collect through our platforms, such as IP address and other information described above, for up to 90 days before we aggregate that data into summary reports. Through our platforms, we store the aggregated summary data (which for example, does not include IP address or other information that may be tied to a particular browser or device) for longer than 90 days.
We share the data with other companies operating in the online advertising industry, in order to carry out the campaign management, performance monitoring, and retargeting and segmenting functioned outlined above.
In particular, we may enter data processing agreements with the following categories of data recipients:
• • With real time bidding platforms, for the purpose of managing advertisement campaigns.
• • With our clients (i.e. advertising agencies and advertising networks), for the purposes of retargeting and segmenting.
• • With trackers, data management platforms and technology suppliers, for the purpose of performance monitoring, and in order to carry out retargeting and segmenting.
• • Where our operations entail a transfer of data outside the European Economic Area, Smadex has entered into ‘model clause’ agreements with the relevant data recipient.
Legal basis of data processing The data processing operations described above are carried out on the grounds of two autonomous and independent legal basis. In addition to that, OnHolland makes an effort to obtain consent from the relevant data subjects for all data being processed. Given that OnHolland nor its platforms do not interact directly with Internet end users, consent must be obtained and transferred by other companies within the advertising supply chain that have a direct relationship with the end user. In order to obtain, transfer and revoke such consent, we use the following technological solutions: The IAB standard for GDPR consent management.
Exercise your rights If you are a resident of the European Economic Area, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, deleted. You also have the right to withdraw any consent. If you would like to exercise this right, please request our Data Subject Rights Policy for instructions on how to do so. Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, we require you to provide us with some additional information to ensure that we provide you with accurate information. In addition, you may also opt-out of receiving marketing communications from OnHolland. If you would like to exercise this right, please write to us at the contact details provided below.
Contact OnHolland Please do not hesitate to contact us in case you want to exercise any of your data protection rights, or if you have any question concerning our privacy and data protection policy. We can be contacted at the following online: info@OnHolland.nl You also have the right to lodge a complaint with our Data Protection Supervisory Authority, the Information Commissioner’s Office (NL’s independent authority).