GDPR

DATA PROCESSING INFORMATION CLAUSE

Data Controller: Digital Data Marketing Technology, Inc.

30 Wall St., 8th Floor
New York, NY, 10005

Blue Digital Data, LTD.
Oasis Business Centre, Oficina 9, Ctra. de Cádiz km 176
29602 Marbella, Málaga

acting as joint controllers.
Purpose of the processing: To provide advertising services based on user behavior, that is, the delivery and optimization of digital advertisements to each user on third-party digital properties.
Categories of personal data: In order to provide our services, we collect:
• Attribution of unique identifiers, such as cookie IDs and mobile advertising IDs;
• Technical browser and device information (“user agent”);
• URLs of the web pages visited by each user (“referrer”);
• Data related to each user's activity in the digital environment held by our Client, such as IDs of products or product categories seen by the user (we act as data processor on behalf of our clients);
• Timestamps (to understand when the user visited our client's environment and saw products so we understand when he is more likely to convert);
• IP addresses (collected outside of advertiser’s website for fraud detection / general geo location purposes).
Legal basis for the processing: The legal basis of the processing operations is the user's consent. Each user has the right to withdraw his consent to the processing of his personal data at any moment by opting out of our services at: https://www.getblue.io/optout. For the purposes of identifying non-human traffic and bots and assuring the safety and continuity of our services, we may process users' personal data pursuant to Article 6 Section 1 (f) of GDPR.
Recipients of the personal data:
• Joint Controllers (Digital Data Marketing Technology, Inc. and Blue Digital Data, LTD.);
• Our Business partners (e.g. Supply Side Platforms, which support us in delivery of personalised advertisements);
• Our Processors (e.g. Data Centers, IT service providers) where such entities process data on the basis of a contract with the Controller and only in accordance with the Controller’s instructions.
Data subjects' rights: Users have the following rights related to their personal data:
• The right to withdraw consent to the processing at any time;
• The right to request the personal data to be erased where it is no longer necessary for Digital Data Marketing Technology, Inc. to retain such data;
• The right to request that Digital Data Marketing Technology, Inc. correct any personal data if it is found to be inaccurate or out of date;
• The right, where there is a dispute in relation to the accuracy or processing of personal data, to request a restriction to be placed on further processing;
• The right to obtain from the controller restriction of processing as referred to in Article 18 of GDPR;
• The right to object to processing the personal data for direct marketing purposes;
• The right of access to the personal data;
• The right to request that the data controller provide you with your personal data and, where possible, transmit that data directly to another data controller. You are entitled to request a copy of your personal data which Digital Data Marketing Technology, Inc. holds about you.
Data Protection Officer: We have appointed a Data Protection Officer (DPO), who is the person the user can contact when issues arise related to the processing of personal data and the exercise of rights concerning the processing of personal data. Our DPO can be reached through the following means:
• by mail, to the following address: 30 Wall St., 8th Floor, New York, NY, 10005;
• by e-mail: dpo@getblue.io
Profiling: While processing users' personal data, we carry out a certain type of profiling with the objective of creating and understanding segments of interest, based on users' personal preferences. This activity within retargeting services does not have any legal effect on data subjects. Furthermore, the services we provide do not result in price discrimination among users based on their behavioural profile.
Retention period: The personal data collected within our activity is stored for the time necessary for the performance of retargeting services and for clients' requests regarding the services. After that, the data is encrypted, anonymised and stored on the Controller’s servers only for archival, statistical and settlement purposes. At any time, we respond to any data issue that concerns the right to be forgotten by deleting or anonymising any personal data related to such data subject.
Transfers to third country and safeguards: Digital Data Marketing Technology, Inc. shall not transfer or permit any Personal Data to be transferred to a territory outside of the EEA unless the proper measures have been taken to ensure the transfer is in compliance with Applicable Laws. Such measures may include transferring the Personal Data to a recipient in a country that the European Commission has decided provides adequate protection for Personal Data as referred to in Article 45 of GDPR, or to a recipient in the United States that has certified compliance with the EU-US Privacy Shield framework. It is possible to check the list of the countries which the European Commission has recognised as providing adequate protection by clicking here. Furthermore, it is possible to obtain a copy of the security policy for transferring the data outside the EEA; to obtain it, please contact our Data Protection Officer.
Further Processing: In case our company decides to use users' personal data for new purposes not covered by this notice, we will provide a notice containing the explanation of the new usage, detailing the relevant purposes and processing conditions. In all cases, we will seek each user's consent to new processing.
Contact details and lodging a complaint with supervisory authority: In order to exercise all relevant rights, such as queries or complaints, please contact Digital Data Marketing Technology, Inc. via e-mail at dpo@getblue.io in the first instance. Furthermore, users are entitled to lodge a complaint with the competent supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR. The contact details of the supervisory authorities which have jurisdiction over our activity are given below:

Agencia de Protección de Datos
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91399 6200
Fax +34 91455 5699
e-mail: internacional@agpd.es
Website: https://www.agpd.es/

Art 29 WP Member: Ms María del Mar España Martí, Director of the Spanish Data Protection Agency