Valid from September 1, 2022.

WordPay is operating a proprietary technology platform which helps publishers monetise their content. WordPay’s platform serves as a content access paywall where we include video advertisements and subscription offers to publisher readers.

Advertising on web and mobile devices

The general functionality for serving advertisements on the web and mobile devices: The essential workflow is triggered by a user visiting the publisher’s website by requesting the website URL through the browser.

• When the website is displayed in the browser, an ad tag from WordPay is executed, which triggers a request (“ad request”) to the WordPay ad serving SSP / ad serving system (“platform”) to receive an advertisement.

• WordPay is cooperating with different 3rd parties to ensure a sufficient amount of campaigns and thus monetisation for the publisher.

• After the ad delivery process, WordPay aggregates the number of delivered creatives incl. certain standard KPIs (e.g. click-through rates, view-through rates, and similar performance metrics).

Purpose of Data Collection - why do we collect personal data?

Audience data is one part technically mandatory to achieve a good advertising experience for you as a website visitor. However, it also supports the efficient usage of marketing budgets by advertisers. Hence, publishers and advertisers have a commercial interest in online marketing supported by audience-targeting algorithms.

Storing anonymous identifiers

WordPay does not store cookies in your browser. Instead, we create an anonymous identifier (ID) based on your device characteristics to ensure that you are not a bot engaging in fraudulent activities. The essential purpose of anonymous identifiers is to control and count the amount of advertising shown to the users on their web and mobile devices. We use identifiers for

• Controlling the frequency of how often the user sees the same advertisement (frequency capping)

• Counting impressions, clicks and viewing completion rates of advertisements

• Counting the unique number of users/devices who have seen a particular advertisement within a particular frequency (to minimise you watching the same advertisement over and over)

What you can see from all those purposes of data collection, is that you as a user benefit from it, especially by not being bothered by the same advertisement dozens of times or seeing irrelevant ads. This is directly contributing to a positive internet usage experience for you.

Being able to count impressions and clicks and measure ad consumptions are important functionalities for advertisers as well. They are paying publishers for every ad they show and need to have reliable numbers for this. Also, advertisers need to understand how users interact with their creatives because advertisers also want to present entertaining advertisements which can gain the user’s attention.

The reason we need this ID is straightforward: since we do not know who you are, we still need to be able to recognise you when you have contacts to WordPay ads to understand if you have seen an advertisement already.

Storing an anonymous number in your browser or using the replaceable Advertisement ID of your device is a straightforward way to do that. Since the number does not tell us anything about your name, email address, etc., it is also a user and privacy-friendly way to enable this. These IDs are just randomly generated numbers, entirely unrelated to any data that would allow us (or anyone else) to identify you as a person. No one can use the ID to figure out who you are.

How we ensure the anonymity of your data, and is it even possible?

Yes, there is practically no way we could find out whom you are by looking at the anonymous user ID. It would require us to have physical and software access to all devices that have been in contact with WordPay ads and to identify who owns and uses them. Then we would need to read the device IDs stored on all of them to find out which one of those is yours finally. We hope you agree that this is practically impossible.

The IP address is required in any internet communication and therefore transferred in requests to our systems. Since IP addresses of users usually are provided by ISPs or telecommunication companies to you, it would be possible to use the IP address to find out who you are. To do so, we would still need to legally force the ISP company to disclose your name to us. Therefore the IP address needs to be treated with special care to ensure your anonymity is safely protected. The next section describes how we use IP addresses and what we do to protect your anonymity.

Usage of the IP address

As described above, the IP address is transferred to the WordPay systems when an advertisement is requested from a user device. WordPay uses the IP addresses for two different purposes.

Purpose 1: Resolving the geographic location from the user’s device

Some advertisers sell their products only in certain countries, regions, or cities. For this reason, advertisers want to avoid advertisements shown in regions where their products are not sold because this would be a waste of money. The IP address can roughly determine a user's geographic location. By this, users can be targeted in the country, state and (with limited accuracy) also on a city level/postal code level. For this purpose, WordPay resolves the IP address to a geographic location using an external geographical database. The IP address is also forwarded to the sub-processor and buying partners.

Purpose 2: Fraud detection

Advertising fraud has become a serious problem in online marketing. Ad fraud usually means that advertisements are displayed on fake websites, where impressions are artificially generated and not by real human beings. The damage from fraudulent advertising is serious and is estimated to be hundreds of million USD annually. To detect such fraudulent sites, the IP address plays a vital role. Botnets, which induce ad fraud, usually work with a limited range of IP addresses. For this reason, IP addresses are so important for fraud prevention. Also, buying partners and WordPay sub-processors rely on the IP address for fraud detection.

What data is stored, and for how long?

WordPay stores personal data only when necessary and as long as reasonably needed to conduct its regular business. WordPay is not storing IP addresses but only their truncated and encrypted hashes.

IP address hashes and anonymous identifiers related to advertising contacts (i.e. ad request, bid request, impression, and click data) are stored in log files. Log files are required for WordPay's advertising and publisher partners in cases of disputes. Log files contain the user ID, browser, date, time, website URL, hashed IP address, operating system and device type on which the advertisement has been shown. If advertisers or publishers are counting deviating numbers of ad impressions, this can lead to disputes about the payments to make to or from WordPay. In such cases, log files are the only means of proof to validate the accuracy of WordPay invoices or credit notes. Log files are also required to generate aggregated reports about advertising campaign delivery on websites, which are provided to WordPay’s clients. When data aggregation fails, server log files are needed to restore this information. We are storing log files for a term of 120 days. Usually, reporting issues or invoice disputes are not occurring later than that period.

Anonymous identifiers and their assignment to segments are stored in a document database and specialised analytical databases. User IDs stored in local storage and the related information are deleted 30 days after the last contact.

Data Processing outside the European Union

WordPay is not processing personal data outside the European Union. WordPay is hosting its infrastructure on Amazon Webservice and Digital Ocean Servers only in data centres in Germany, Stockholm and Dublin. However, WordPay is working with sub-processors and companies processing data on servers within the United States. This processing is happening based on appropriate safeguards and binding corporate rules according to Articles 46/47 GDPR. Please visit our privacy portal's sub-processor and partner web pages below for more information.

Recipient categories of personal data from WordPay and purposes of processing

WordPay don’t share personal data with third-party companies. Instead, WordPay enters a direct agreement with ad providers (both DSPs and SSPs) and signs individual data processing agreements with the ad providers. The ad providers use their technology to collect data and process it, enabling WordPay not to have any interaction with the data. This process allows WordPay to whitelist any ad provider while creating a contractual framework and control rights for WordPay to avoid undesired data usage.

Your rights as a Data Subject

The new GDPR has provided substantial rights to prevent us (and anybody else) from making undesired use of your data. These are your rights as foreseen in the Art. 12-19 of the new GDPR:

• You have the right to obtain information about if and which WordPay processes personal data from you.

• You have the right to demand the deletion of any personal data from you stored by us.

• You have the right to request limiting the extent to which we use your data.

• You have the right to revoke any consent which you have given in the past to process your data.

• You have the right to receive personal data from you, which we store in a structured, commonly used and machine-readable format, and to have it transmitted directly from one controller to another where technically feasible.

• In case of questions, comments, complaints, or queries related to our privacy policy or the processing of your data, you can submit those in writing to our data protection officer.

• You have the right to submit complaints directly to the supervisory privacy authority responsible for WordPay in case you have the opinion that our data processing practices are violating relevant privacy legislation.

Please note that for online marketing purposes, we are not storing any information related to named individuals. All information we store is anonymous identifiers and hashed and truncated IP address information. Therefore, the correction or modification of data is not possible for us. In case of a limitation, rectification or change request, we will simply delete your data.

How to get in contact with us for privacy matters?

WordPay ApS

Amaliegade 6

1256 Copenhagen

Denmark

Phone: +45 71 99 18 55

You can also reach our central privacy support team via email at privacy@wordpay.io

List of Subprocessors or Data Transfer Partnerships

Here is a list of all Data partners directly connected to the WordPay platforms. Please note that not all of these partnerships may only be active for limited timeframes and can be paused in between.