1. Our commitment to privacy
2. Who we are
We are iClick Interactive Asia Group Limited (“iClick Interactive”). Our registered office address is 15/F Prosperity Millennia Plaza, 663 King’s Road, Quarry Bay, Hong Kong. Our company number is 852 3700 9000. For any data privacy or data protection related issues, we can be contacted as set out in Section 13.
3. Data collection
The data we collect about you depends on the Services that you use and how you use them, and it also depends on your relationship with iClick: if you are a user, a business partner, a prospect, an employee etc.
3.1. End-user data
iClick is a company operating in the field of marketing and advertising technology. We provide digital advertising and analytics services for the benefit of our business customers, giving them the ability to reach users who are most likely to be interested in their products and services. Our proprietary platform possesses cross-channel and cross-screen capabilities to transform data into insight, action and performance. We use the data collected and processed to inform audience targeting and generation of insights about Chinese consumers, and we let our clients use our SaaS platform or we run campaigns on behalf of our clients.
For Europe-based users:
iClick does not target users in the UK and the EU/EEA and it is not our intention to process the personal data of users located there. In order for us to process your data, you will normally have consented to and accepted data processing and cookies or similar technologies from one of the publishers that we collect data from. So, it is possible that when visiting Chinese language websites, you may have consented to data processing or accepted cookies which might lead to us processing your data even if you are located outside of China. On the other hand, we will target Chinese travellers when visiting Europe with advertising campaigns that are run on behalf of our clients. Remember you can change your preferences at any time (please see Section 11) and you can also exercise your rights by contacting us as set out in Section 13.
iClick relies upon consent as a legal basis for most data we process for targeted advertising purposes. However, we and our clients also have a legitimate interest (which is compatible with your privacy rights and interests) to collect and process personal data for the following purposes:
- Understanding whether users have made purchases after having seen ads (view-through measurement)
- Counting the number of times users who have seen ads have proceeded to buy a product or service (conversion tracking); this is necessary to understand the overall return on investment of that ad
- Understanding browsing behaviours of aggregated users; this is necessary for us to improve and develop our solutions and services
- Ensuring ads are not shown to the same users more than a certain number of times (frequency capping)
- Counting the number of times ads have been seen (frequency measurement)
- Counting the number of times ads seen have been clicked on (click count); needed to understand which creative formats generate interest and engagement as we always want to serve relevant ads
- Understanding whether ads are seen by users (viewability measurement): this is needed to optimize advertising investment
- Checking for fraudulent behaviour (e.g. many clicks from the same IP address or other unusual patterns).
3.2 Business contacts data
If you are a business contact, e.g. if you work for a business partner, a client, an agency, a publisher, a data provider or other supplier, a prospect, a PR contact or influencer etc. we may hold some personal data about you. We will need that data in order to communicate with you, invoice and collect payments, make payments, and manage contracts and products and services that we offer or obtain. That data may include your name, business email address, billing address, office address, business phone numbers, title, expertise, employer etc. We would only hold this information where it is necessary for the intended purpose; e.g. it may be because you are a client (and we had to invoice you, offer our services to you etc.) or you may be a prospect and we would have obtained that information from exchanging emails or business cards, from public sources, or during meetings or events etc.
For UK and EU users:
Under the current law, we would not have to obtain consent in order to keep this data as we require this data in order to manage our contract with your organization, or the data processing is necessary for our legitimate interests in managing and marketing our services or evaluating new services and supplies. Still you can exercise your data subjects’ rights in relation to that personal data and contact us as set out in Section 13.
Our retention policy for this data is as follows, i.e. we will delete your data:
• Three years after the last contact
• Five years after the end of the contractual relationship.
3.3. Employee data
If you are an employee of iClick Interactive, we suggest you refer to our HR policy and our employee handbook of your region. If you are applying for a position with iClick, we will provide the relevant data processing information in a separate candidate’s privacy notice.
4. Types of data we collect and process
iClick collects data via identifiers such as cookies (web) placed on your devices through partners’ websites or apps or device IDs (mobile). In general, the types of data collected include cookie ID, device IDs, IP addresses, URLs visited, statistical, demographic and behavioural information etc. collected throughout your browsing activity on our publisher partners’ sites, or campaign data (ads seen by each user, engagement with those ads, clicks etc.). As iClick adheres to the most stringent security standards, the data we collect and process is encrypted and kept in pseudonymized form.
iClick does not collect any information such as email, address, phone number, credit card information etc. The cookie and device ID data we hold about you is not data which allows us to know you in real life. We do not process any data in such a way that it could be used, including through a third party, to establish the identity of a user.
5. What does iClick do with your data ?
iClick collects data in order to run its audience targeting platform, run managed service campaigns on behalf of its clients, or generate insights and analytics. We and our advertiser partners may use this information in order to make inferences about your potential interests or preferences and make decisions or buy, track, or report on ads served (impressions) via ad exchanges. We may also share performance data (i.e. relating to viewability of the ad, clicks, and conversions) with advertisers or/and their agencies. During this process, we may overlay third-party data collected from third-party data providers to enhance our decision-making. Data also helps our advertiser clients to serve ads more relevant to users, therefore enhancing the return on investment and making ads more meaningful. In compliance with industry standards, we also use IP addresses for purposes such as fraud detection to help alert us to situations which could not have been caused by human behaviour, such as a massive amount of clicking in a limited period of time.
We do not process any information or combine it with information obtained through third parties in order to determine the identity of users. iClick won’t process any real life personally identifiable information, and will not know your identity, your name or your email address.
6. How long does iClick keep your data ?
iClick holds your personal data according to stringent security and encryption standards, and we only do so for as long as necessary to run our business. We have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. As soon as reasonably practicable, once service to a client has been completed, all information identifiable to a user, collected by us, for that service, will be properly and securely destroyed and permanently deleted from our systems.
For UK and EU/EAA users:
We delete all cookie IDs and device IDs after 6 months and campaign data (impressions, clicks, click through rates etc.) after 24 months.
7. Data Transfers (for UK and EU/EAA users)
The marketing and advertising technology ecosystem is a complex and global one. Because of their nature, datasets know no frontiers. In order to operate our business efficiently, we have to transfer data to our key partners, suppliers, clients, some of which have servers located in different parts of the world. As noted above, it is not our intention to collect personal data relating to UK and EU/EEA users.
If our services do involve any transfers of personal data out of the European Economic Area or the UK to a jurisdiction that is not the object of an EU or UK “adequacy” decision, then we will rely on safeguards such as the applicable standard contractual clauses. When we transfer data to countries where we or our partners, processors, sub-processors maintain facilities, we will only do so as long as those partners, processors and sub-processors transfer data via a valid legal mechanism such as the applicable standard contractual clauses.
We may provide data to other companies in our corporate group and technical service providers based outside the UK and the EU/EEA that require access to it in order to assist us in providing our services. In particular, we work with reputable external organizations (such as ad exchanges, measurement and verification services), to which we provide certain data which may include personal data, in order to provide our technology platform and services, on the basis of detailed written agreements requiring among other things compliance with applicable laws and security standards. If we receive a valid request, a copy of the applicable safeguards in relation to international data transfers may be made available.
If any governmental body, law enforcement agency, or regulatory authority requested data from us, then we would normally comply with such request without having to notify you or other users.
8. Personal sensitive data
We do not process any sensitive or special categories of data such as racial, religious data etc.
For UK and EU/EAA users:
Under the GDPR, special categories of personal data is any personal data revealing racial or ethnic origin, political opinions, religious and philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation. We do not process any special categories of personal data.
9. Children's data
iClick strives not to collect any children’s data. If you are a parent/guardian and you believe that iClick may be processing data from someone that you have parental responsibility for, please contact us as set out in Section 13.
11. Withdrawal of consent for cookies (for UK and EU/EAA users)
If you no longer wish to receive ads served by iClick, you can manage your choices by using: Your online choices
Important: when you choose to withdraw consent for receiving cookies, a cookie will still be set in your browser. Only by maintaining a cookie in your browser are we able to recognize that you have made the choice of rejecting optional cookies.
Web: You can configure your web browser to remove cookies by following the directions provided in your browser’s “help” section.
Mobile: You can withdraw consent to receive targeted advertising based on data collected via applications on mobile devices by following the instructions from the device maker, e.g. (at the time this Notice was published):
- Android: Open the Google Settings app > Ads
- iOS: Choose Settings > Privacy > Tracking
12. Data subject's rights
Applicable data processing laws grant users various rights including in the EU/EEA:
- The right to be informed
- The right of access
- The right of rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- The right not to be subject to automated decision-making,
or in California:
- The right to know what personal information has been collected about you;
- The right to ask to have it deleted;
- The right to opt out of sales of that personal information;
- The right not to be discriminated against for exercising any of your rights under California privacy legislation (e.g. we would never deny you access to a service, charge you a different price, or provide you a different quality of service for doing so).
If you are located in the UK, the EU/EEA or California and want to exercise your rights, you can contact us as set out in Section 13.
Where we process any data based on your consent, then you are always allowed to withdraw that consent at any time by contacting us (though the processing that took place before withdrawal will still be legal).
We are committed to resolving with you any issues or doubts you may have in relation to processing of your data. If you believe that your rights have not been respected at any time, then you may also have a right to complain to the Supervisory Authority in your country (also known as Data Protection Authorities) to ask them for a resolution.
13. Contacting us
For any data privacy or data protection related issues, we can be contacted at firstname.lastname@example.org
We have appointed a Data Protection Officer, whose contact details are the following:
Vincent Potier c/o iClick Interactive Asia Group Limited
15/F Prosperity Millennia Plaza, 663 King’s Road, Quarry Bay, Hong Kong