Privacy & Data Protection
This policy applies to the following websites that are operated or controlled by IAB Europe:
IAB Europe processes personal data in accordance with applicable data protection legislation, in particular the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
3.1 Collection of personal data
IAB Europe collects or obtains personal data from Data Subjects from the following sources:
- IAB Europe obtains personal data when those data are provided by Data Subjects (e.g., where an applicant provides a CV or Data Subjects contact IAB Europe via email or telephone, or by any other means);
- IAB Europe collects or obtains personal data in the ordinary course of its relationship with Data Subjects (e.g., when IAB Europe provides a service to Members, Users and TCF Participants);
- IAB Europe collects or obtains personal data that Data Subjects manifestly choose to make public, including via social media or other public forums (e.g., IAB Europe may use information associated with a Stakeholder’s social media profile(s), about events he/she participated, and any communications that he/she makes publicly available);
- IAB Europe collects or obtains personal data when Data Subjects visit the Websites or use any features or resources available on or through the Websites;
- IAB Europe collects or obtains personal data when its Members, Users and TCF Participants use, or register to use, the Websites or any Services (e.g., through the registration form completed by the Member or TCF Participant);
- IAB Europe also creates personal data about Data Subjects in certain circumstances, such as records of Data Subjects’ interactions with it.
3.2 Personal data processed by IAB Europe
IAB Europe processes, for the purposes listed in Section 4, the following types of personal data:
- Identification data, e.g. user name, password, real name and first name, email address and professional contact details;
- Employer details, e.g. where a Data Subject interacts with IAB Europe in their capacity as an employee of a third party, the name, address, telephone number and email address of the employer, to the extent relevant;
- Views and opinions, e.g. any views and opinions that a Data Subject chooses to send to IAB Europe, or publicly post about IAB Europe on social media platforms or other public forums;
- Information provided by applicants, such as their CV; and
- Any other information voluntarily transmitted to IAB Europe by the Member for a specific purpose.
3.2.1 « Cookies »
3.2.2 Data recorded on our servers
When the User, the Member or TCF Participant accesses the Websites, the relevant servers automatically record the following data which are not made visible on the Websites: the type of domain from which the User or the Member connects to the Internet, the IP address allocated to them (at the moment of the connection), the date and time of access to the Site, the pages viewed and the activities undertaken, the type of browser used, the platform and/or the operating system used, the search engine and the keywords used to find the Websites.
Purposes of the data processing and legal bases for the processing
4.1 General purposes
The purposes for which IAB Europe may process the personal data of Data Subjects, subject to applicable law, include:
- Provision of the Websites and Services: providing the Websites to Users, Members and TCF Participants; providing Users, Members and TCF Participants with promotional items at their request; managing and evaluating the participation of the TCF Participants in the framework; and communicating with Users, Members and TCF Participants in relation to those services;
- Improving the Websites and services: identifying issues with the Websites or services; planning improvements to the Websites or services; and creating new websites, or services;
- Marketing communications: communicating with Data Subjects via any means (including via email, telephone, text message, social media, post or in person) news items and other information in which they may be interested, subject to ensuring that such communications are provided to Data Subjects in compliance with applicable law;
- Contribute to the and participate in the public policy debate around digital advertising: including, responding to and otherwise interacting with relevant Stakeholders; gauging their interest in events; and request meetings for discussion;
- Communications and IT operations: management of IAB Europe’s communications systems; operation of IT security; and IT security audits;
- Legal compliance: compliance with IAB Europe’s legal and regulatory obligations under applicable law;
- Recruitment and job applications: recruitment activities; advertising of positions; interview activities; analysis of suitability for the relevant position; records of hiring decisions; offer details; and acceptance details.
4.2 Sensitive personal data
IAB Europe does not seek to collect or otherwise process Sensitive Personal Data in the ordinary course of its business. Where it becomes necessary to process Sensitive Personal Data of Data Subjects for any reason, IAB Europe will only do so in compliance with the law.
4.3 Legal bases for processing
- The processing is necessary for the performance of a contract to which the User, Member of TCF Participant is a party;
- The processing is necessary for IAB Europe’s legitimate interests, as set out herein (e.g., processing personal data about the TCF participants for administration purposes and processing data of applicants);
- IAB Europe is required to comply with a legal or statutory obligation in the EU or a Member State (e.g., for tax purposes relating to TCF Participants’ contributions).
Transfer to third parties
We may provide your personal data to companies that provide services to help us with our business activities (‘data processors’). These companies are authorized to use your personal data only as necessary to provide these services to us.
IAB Europe transmits the personal data of Data Subjects to third-party services to the extent to which these data are required for the performance of the relevant Services. Any such partner will not communicate these personal data to third parties, except in the following situations: (i) if and to the extent that this communication is necessary for the contract’s performance, and (ii) if the partner is obliged to communicate certain information or documents to a public authority, as required by law, such as to comply with a subpoena, or similar legal process and (iii) if IAB Europe is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/ or prominent notice on our Websites of any change in ownership or uses of your personal data, as well as choices you may have regarding your personal data. The communication of information to the persons set out in point (ii) shall, in any case, be limited to that which is strictly necessary or required by applicable law.
If IAB Europe engages a third-party processor to process personal data of Data Subjects, the processor will be subject to binding contractual obligations to: (i) only process the personal data in accordance with IAB Europe’s prior written instructions; and (ii) use measures to protect the confidentiality and security of the personal data; together with any additional requirements under applicable law.
International transfer of personal data
Some of our data processors are located outside the EU (‘third countries”). Certain third countries have been officially recognized by the European Commission as providing an adequate level of protection. You can find the list of these countries here. Transfers to our data processors located in other third countries take place using an acceptable data transfer mechanism, such as the Privacy Shield for transfers to self-certified US organizations, the EU Standard Contractual Clauses, Binding Corporate Rules, approved Codes of Conduct and Certifications or, in exceptional circumstances, on the basis of permissible statutory derogations.
IAB Europe uses physical, technical and administrative measures to protect the Users’ information against loss, theft and unauthorized use, disclosure or modification. While IAB Europe strives to protect the information it maintains, it cannot guarantee or warrant the security of any information that the Users transmit to us since no method of data transmission or storage is 100% secure.
IAB Europe will only retain the Users’ and Members’ personal data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
The determination of the appropriate retention period for the Users’ personal data is based on the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your it and whether we can achieve those purposes through other means, and the applicable legal requirements.
For some of the purposes mentioned in section 4.1. or for purposes of which you may be informed separately, IAB Europe may anonymise the User’s personal data so that it can no longer be associated with the User, in which case it is no longer considered personal data. For example, IAB Europe anonymises personal data in order to create statistics about the usage of its Websites which IAB Europe may use to improve its Websites.
Upon expiration of the applicable retention period IAB Europe will securely destroy the personal data in accordance with applicable laws and regulations.
Data subjects’ rights
Any Member and TCF Participant may, at any time, have access to their personal data and correct them through the thumbnail “Edit Profile”, within the “Members – Account” or “TCF Participant – Account” menu on the Websites (or at the following address: https://iabeurope.eu/profile/edit by using their username and password).
Data Subjects may also request access, ask for rectification and for deletion of their personal data, except those which IAB Europe are legally obliged to retain, from IAB Europe’s database by addressing a written request, accompanied with, to the data controller at the following address: IAB Europe, 1040 Brussels (Belgium), Rond-Point Schuman, 11. Data Subjects may request to have their personal data transferred to another controller, in a structured, commonly used and machine-readable format.
Any Data Subject may request restriction of processing of their personal data.
Where IAB Europe processes a Data Subject’s personal data on the basis of consent, the Data Subject has the right to withdraw that consent (although this withdrawal does not affect the lawfulness of any processing performed prior to the date on which IAB Europe receives notice of such withdrawal, and does not prevent any processing of personal data on any other available legal bases).
IAB Europe will then take all necessary steps to satisfy such request with expediency.
Any Data Subject has the right to lodge complaints regarding the processing of their personal data with a data protection authority (which can be any of the data protection authority of the EU Member State in which they live, or in which they work, or in which the alleged infringement occurred).
Subject to applicable law, each Data Subject may also have the following additional rights regarding the processing of their personal data:
- the right to object, on grounds relating to their particular situation, to the processing of their personal data by IAB Europe or on its behalf; and
- the right to object to the processing of their personal data by IAB Europe or on its behalf for direct marketing purposes.
Persons under the age of 16
Persons under 16 years old and persons who do not have full legal capacity are not allowed to use the Websites, and must not provide their personal data to us. IAB Europe does not knowingly collect or store personal data about children under the age of 16, unless permitted by law. If IAB Europe learns that it has collected personal data from a child under age 16, it will delete that information from its database.
We display personal testimonials of satisfied members on our Websites in addition to other endorsements. With your consent we may post your testimonial along with your name, but we will always check that you are happy for us to do so first. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
10.2 Links to 3rd Party Sites
Rond-Point Robert Schuman 11
+32 2 256 75 10
Last Updated: 01 March 2020