Fyber develops and operates several services in the ad-tech environment, such as a Real Time Bidding (RTB) digital automated (collectively, “Programmatic“) ad exchange, a mediation platform, Programmatic mediation platform, incentivized Offer Wall, direct sales service and other online advertising-related services, all of which include advertising management services, such as optimization, ad serving, campaign management and the compilation of relevant statistical data (collectively, the “Services”).
This statement (“Privacy Statement”) explains Fyber’s privacy practices for processing Personal Information through the Services. It applies when individuals (“Users”) access and use mobile applications that are connected to or use the Services.
Fyber provides its Services to publishers and advertisers. When providing the Services, Fyber has no direct engagement or interaction with the users of the mobile application, except as specifically indicated in this Privacy Statement. Fyber requires its publishers and advertisers (as applicable) to provide a privacy notice, as required by applicable laws, and if required by such laws, to also provide an adequate notice to their mobile application’s users about this Privacy Statement. The Services are not directed to children under 16 years of age and Fyber does not intentionally or knowingly collect Personal Information on such users.
1. The Services
We provide automated web-based advertising services.
Fyber provides Services to developers and/or owners (collectively, “Publishers” or “Supply Partners”) of mobile applications, and advertisers, advertising agencies, Demand Side Platforms (DSPs) and ad networks (collectively, “Demand Partners”) (Supply Partners and Demand Partners are also referred to as “Customers”) with the following Services:
Fyber Marketplace – this Service, enables Supply Partners to make their ad inventory available for purchase through a Programmatic auction and for the winning bid of such auction to also serve an ad to the individual who uses Supply Partner’s mobile application (“Users”);
Fyber FairBid Mediation – this Service enables Supply Partners to optimize the placement of ads by third-party Demand Partners on their mobile application and for Demand Partners to buy ad inventory and serve ads directly on such mobile application;
Programmatic Mediation – this Service enables Supply Partners and Demand Partners to use Programmatic auction for the sale and purchase of advertising space inventory on mobile applications that are integrated with the Services;
Offer Wall Edge – this Service enables Supply Partners and Demand Partners to use an opt-in scrollable offers which includes individual ads to be integrated into a mobile application.
Direct Sales – this Service that enables Supply Partners and Demand Partners to run ad campaigns on mobile applications.
From time to time, Fyber will offer ancillary Services to the Services described above and additional Services.
Fyber has no direct engagement or interaction with Users, except for the Offer Wall Edge service where Fyber provides technical support to Users of such service on behalf of the Supply Partner.
When a User contact Fyber’s customer support team for technical issues related to the Offer Wall Edge service, Fyber will process any Personal Information that such user provides within the support request form, such as the User’s name and email address to respond to his/her support request.
2. The Personal Information that Fyber Collects and Receives via the Services
We collect Personal Information from devices, Properties and Customers.
Fyber only collects Personal Information that Supply Partners had instructed Fyber to collect, in writing, prior to such collection, and subject to a User’s permissions within the mobile application or a User’s mobile device, or as otherwise permitted under applicable laws.
As an example, if a User uses a mobile application with a Fyber’s Software Development Kit (“SDK”) embedded in it, the SDK will only collect information that the Supply Partner enabled Fyber to collect for the provision of the Services and in any case, the SDK will not collect the User’s precise (such as GPS-based) location data unless the User affirmatively allowed/enabled the mobile application to collect it.
From time to time, Fyber will use additional or alternative tools to collect information. If Fyber’s use of a new tool impacts Fyber’s privacy practices, we will amend this Privacy Statement accordingly.
When interacting with the mobile application, Fyber may collect or receive the following information, which includes Personal Information:
- Information about a User’s device, such as device type and model, network provider, browser type, language.
- Information about the mobile application, such as package name, key words, version.
- Information about User’s operation system, such as Android, iOS.
- Information about User’s mobile advertising identifiers, such as User’s Advertising ID (Apple IDFA or Google AAID).
- Information that User’s device provides, such as device IP address, network connection type and device GPS location (only if the User provided permission).
- Information that Fyber receives from Supply Partners, such as a User’s age, gender and zip code.
- Information that Fyber receives from third parties about the User from sources other than the mobile application, such as non-precise device location based on IP address, device specifications and User’s interests.
3. What does Fyber do with Personal Information?
Fyber collects Personal Information in order to provide the Services, as described in this Privacy Statement. The User is not required by law to provide Fyber with any Personal Information.
Fyber’s provision of the Services include:
- Facilitating the use of the Services by Customers;
- Enabling and optimizing the Services’ tools and features for Customers’ use of the Services;
- Studying and analyzing the functionality and performance of the Services and activities related to the Services, to operate, maintain and improve Customers’ experience with the Services;
- Providing support to Customers and in some cases to Users as instructed by our Customers and on their behalf;
- Measuring the Services’ activity for pricing purposes;
- Protecting the Services and Customers from fraud, misuse and unlawful use of their Services’ related data and assets;
- Facilitating the Services’ contractual engagements and obligations between Fyber and its Customers;
Fyber commits to process Personal Information solely for the purposes that this policy describes. To the extent relevant and within Fyber’s technological and operational ability, Fyber will make efforts to maintain accurate information that is complete and up-to-date.
4. Sharing Personal Information with Others
We share Personal Information with Customers, our affiliates and service providers at the instructions of our Customers. We may also need to share data with law enforcement and other authorities, as required by law.
Fyber shares Personal Information at the instructions of Customers as follows:
- We share Personal Information with Demand Partners for the purpose of serving Users with contextual ads, based on the content that Users view or use on mobile application, or targeted ads which are based on Users’ preferences and past online activities and that can interest Users; and for ad reporting purposes and for Demand Partners to have information about the performance of their ad campaigns and improvement of their ads performance.
- We share Personal Information with Supply Partners to help them understand how Users are engaging with ads, the type of Users that are most engaging with types of ads on their mobile application, and the type of ads that are published on their mobile application;
- We share Personal Information with Third Parties to receive additional data on Users from sources other than the mobile application in order to help analyze and enrich the Personal Information that we collect about Users, and serve User with more relevant ads on the mobile application and on additional online properties; and to receive third party’s services, such as fraud protection, bot detection, rating, analytics, viewability, ad security and verification services.
- We share Personal Information with Fyber’s corporate affiliates in order to provide the Services
- We will share or transfer Personal Information if Fyber is involved in a merger, acquisition, or sale of all or a portion of its assets, as part of such transaction, to support to continued provision of the Services The entity which will assume the ownership of the Services will continue to protect Personal Information as required under applicable laws and pursuant to this Privacy Statement
We will also share Personal Information with law enforcement and government agencies, courts, and other organizations: (a) as required by law, such as to comply with a subpoena, or similar legal process; or (b) when Fyber believes in good faith that the disclosure or sharing is necessary to protect rights, protect User’s safety or the safety of others, investigate fraud, or respond to a government request.
5. Aggregated and Analytical Information
Fyber uses anonymous, statistical or aggregated information and shares it with its partners for legitimate business purposes. It has no effect on User’s privacy, because there is no reasonable way to extract data from the aggregated information that can be associated with any User.
6. User Choice
A User can disable the User’s account, opt-out from location-based advertising, limit the use of tracking data for ad targeting, opt-out of our Demand Partners and delete cookies.
If a User has an account with the Services, at any time, he/she can disable such account through the account page. Thereafter, Fyber will stop collecting any Personal Information from such user.
However, Fyber stores and continues using or making available Personal Information that relates to the User. For further information, please read the Data Retention section in this policy
If a User wishes to opt-out from collection and use of precise location data for advertising, the User can turn location services off through the User device’s settings. The latest versions of iOS and Android allow a User to limit which particular applications can access the User’s location information.
A User also can limit the use of identifiers for ad targeting on the User’s devices. If a User turns on this setting, mobile applications are not permitted to use the advertising identifier to serve consumers targeted ads.
As an example, for iOS, the controls are available through Settings > Privacy > Advertising > Limit Ad Tracking. For Android, Google Settings > Ads > Opt Out of Interest-Based Ads.
Although this tool will limit the use of tracking data for targeting ads, companies will still be able to monitor users’ mobile application usage for other purposes, such as research, measurement, and fraud prevention.
A User can reset the identifiers on the User’s mobile device in the device settings. iOS users can do this by following Settings > Privacy > Advertising > Reset Advertising Identifier. For Android, the path is Google settings > Ads > Reset advertising ID.
Following such restart, the device is harder to associate with past activity, but tracking can start anew using the new advertising identifier.
If a User would like to opt-out from Demand Partners’ use of Personal Information about the User, to serve targeted advertising to the User’s mobile application, the User can download the Digital Advertising Alliance’s mobile application for each of the User’s devices and set the User’s preferences in the mobile application.
If a User resets the mobile advertising identifiers, the User will also need to reset the User’s preferences in the AppChoices applications.
To opt-out of Google Analytics’ collection of data, a User can use the Google Analytics Opt-out Browser Add-on at: https://tools.google.com/dlpage/gaoptout.
Web browsers offer a “Do Not Track” (“DNT“) signal. A DNT signal is a HTTP header field indicating your preference for tracking User’s activities on the Services or through cross-site user tracking. The Services do not respond to DNT signals.
7. California Residents’ Privacy Rights
Under the California Consumer Privacy Act (“CCPA”), Fyber collects Personal Information as part of its Services as a Service Provider at the instructions of Customers who are the Businesses under the CCPA. As a service provider, Fyber is committed to assist its Customers-businesses to fulfill Consumers’ rights, as required under the CCPA. Therefore, the User is advised to contact the relevant Customer, to exercise the User’s rights under the CCPA.
If our Supply Partners request us to delete any User’s Personal Information that we collected from him/her, on behalf of our Supply Partner, and retained as part of our Services to it, we will delete the User’s Personal Information from our records, unless retaining such information is necessary for us to complete the transaction with the User, detect security incidents, identify and repair errors, exercise free speech or another right provided by law, comply with specific laws or legal obligations, or any other internal and lawful uses.
8. EU Data Subject Rights
Under Regulation (EU) 2016/679 (“GDPR”), Fyber processes Personal Data as part of its Services as a data Processor at the instructions of Customers who are the data Controllers. As a data Processor, Fyber is committed to assist its data Controllers to fulfill data subjects’ GDPR rights.
Therefore, if a User wishes to exercise the User’s rights under the GDPR or has any questions in this matter, the User should contact the relevant Fyber’s Controller directly.
9. Data Retention
We retain Personal Information as needed to support our Services under this Privacy Statement.
As a general practice, Fyber stores Personal Information related to a User for as long as required in relation to the provision of the Services (please read more in Section 3 of this Privacy Statement).
Fyber is required to retain information, including Personal Information, by law. Aggregated non-identifying data will be retained by Fyber for longer periods.
10. Transfer of Data Outside User’s Territory
To provide the Services, Fyber stores and processes Personal Information in various sites throughout the globe, including in sites operated and maintained by cloud-based service providers.
If the User is a resident in a jurisdiction where transfer of Personal Information related to the User to another jurisdiction requires the User’s consent, then Customers bear the responsibility and are instructed to receive the User’s consent, as required under applicable laws, to such transfer.
To the extent necessary under EU privacy laws and regulations, Fyber will implement data onward transfer instruments, such as the Controller to Processor EU-US Standard Contractual Clauses.
Fyber implements other or additional onward transfer mechanisms, as available from time to time.
11. Information Security
Fyber implements systems, applications and procedures to secure Personal Information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.
Fyber commits to safeguarding the confidentiality of Personal Information related to the User. Fyber and its hosting services implement systems, applications and procedures to secure Personal Information related to the User, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.
As an example, Fyber limits access to Personal Information to authorized personnel on a need to know basis in order to operate, develop or improve the Services.
While all measures provided reflect the current industry standard of security, Fyber cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
Fyber will update its Policy from time to time after giving proper notice.
From time to time, Fyber will update this Privacy Statement. If the updates have minor if any consequences, they will take effect 7 days after Fyber posts a notice on the Services’ website or requests its applicable Customers to provide the notice. Substantial changes will be effective 30 days after Fyber’s notice was initially posted.
Note that if Fyber needs to adapt the policy to legal requirements, the new policy will become effective immediately or as required.
13. Contact Fyber
Please contact Fyber’s Data Protection Officer at: [email protected] for further information.
Last Updated: September 17, 2020.