Who we are and our culture of protecting personal data
Optiweb is an advertising and web technology company that specializes in web development, production of on-line web pages and services and running of advertising campaigns in digital media. Using media outlets, data analytics, in-depth research and new technologies, we enable marketers to deliver the right message to the right person at the right time, every time.
The advertising technology we have developed is used across the industry by advertisers, direct marketers and web publishers to help them plan, execute and analyse their digital marketing activities. When using our technology, privacy is extremely important to us, and we take it very seriously. We are proud that our operations fully comply with the provisions of the EU General Data Protection Regulation and Slovenian legislation in the field of personal data protection.
- visit our websites or provide us with your personal information through a web interface, e-mail or physical forms,
- use our technology solutions (hereinafter: Services) provided for publishers,
- interact with digital advertisements (“Ads”) that were trafficked and delivered (optionally also created) with the use of Optiweb technology as an End user.
Our company ensures that our activities comply with European legislation (Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR) and Council of Europe Conventions (ETS No. 108, ETS No.181, ETS No. 185, ETS No. 189)) and the legislation of the Republic of Slovenia (Law on the Protection of Personal Data (ZVOP-1, Official Gazette of the Republic of Slovenia, No. 94/07), the Law on Electronic Commerce on the market (ZEPT, Official Gazette of the Republic of Slovenia, No. 96/09 and 19/15).
Data collection scope
Personal data is information that identifies you as a specific or identifiable individual.
Non-Personal data may include information that can’t identify you as a specific or identifiable individual, for example: on-site user behavior and user/page content data, URLs, statistics, internal search queries and similar.
The Provider collects several different categories of information:
- Information we must have for being able to use Optiweb services
- Information to improve Optiweb’s websites, products, programs and/or services
- Information collected from interacting with Ads as End Users
My Personal Data
- Basic user information (name and surname, address)
- Contact details and information about your communication with the Controller (e- mail address, telephone number, date, time and content of postal or e-mail communication)
- Information about the user’s use of the Controller’s website (dates and times of site visits, visited pages or URLs)
- Other data that the user voluntarily submits to the Provider upon request to access certain services that require this information
The purpose for processing and the basis for data processing
The Provider collects and processes your personal data on the following legal bases:
- Individual consent
- Legislation or contractual basis
- Legitimate interest
The Provider does not collect or process your personal data unless you enable this or consent to it when:
- you subscribe to the newsletter,
- you submit your information by e-mail,
- you submit your data on a business card,
- you use one of our technological solutions for advertisers or publishers,
- there is a legal basis for collecting personal data or when the Provider has a legitimate interest in processing your data.
The term for which the Provider retains the collected data is described in more detail in the Retention of personal data section.
Processing based on your consent
When you provide consent, the Provider collects and processes (uses) your personal data for the following purposes:
- to inform you about its services, offers, and products in the form of a newsletter and e-mail messages, and to provide you with the service (billing etc.).
- for other purposes, which you separately agree on a case-by-case basis as you do business with the Provider.
Processing based on legislation and contractual relationships
If the provision of personal data is a contractual obligation, an obligation required to conclude and enforce a contract with the Provider, or a legal obligation, we will have to ask you to submit your personal data; in the event that you do not submit your personal data, you will not be able to conclude a contract with the Provider, nor will the Provider be able to provide the services or deliver the products under the contract.
Processing based on a legitimate interest
The Provider may also process the data based on a legitimate interest which is based on the purpose for processing personal data and which the Provider is trying to realize unless prevailed upon by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. In cases of a legitimate interest, the Provider shall always carry out an assessment in accordance with the General Data Protection Regulation.
Contractual processing of personal data
The contractual processors working with the Provider are:
- E-mail messaging providers (e.g. Mailchimp and others)
- Providers of online advertising solutions (e.g. Google, Facebook)
- Data processing and analytics providers
- IT system maintainers
- Payment system providers
Contractual processors may process personal data exclusively based on the relevant contracts and in accordance with the Controller’s instructions and may not use the personal data to pursue any of their own interests. The Provider will not transmit your personal data to unauthorized parties.
Personal data retention
The Provider will only retain your personal information for as long as it is necessary to realize the purpose for which personal data has been collected and further processed (for example, to ensure that you can access specific information available to you, for the Provider’s newsletter, etc.).
The personal data that the Provider processes based on an individual’s personal consent or legal interest is retained permanently until consent is revoked by the individual or the individual submits a request to stop the processing.
The Provider shall retain personal data processed based on legislation for the period prescribed by law.
The personal data processed by the Provider for the purpose of fulfilling a contractual relationship with an individual will be retained for the period necessary for the performance of the contract and for another 5 years after its termination, except in the event of a dispute over the contract between you and the Provider; in this event, the Provider shall retain the data for 5 years after the court’s final decision or arbitration or settlement or, if no court dispute has been initiated, 5 years from the day the dispute has been settled consensually.
After the expiry of the retention period, the Provider will delete or anonymize personal data effectively and permanently in such a way that it cannot be linked to a specific individual.
Automated data logging (non-personal data)
Whenever you access a website, general and non-personal information (number of visits, the average duration of visit, pages visited) is automatically logged (not as a part of your login). This information is used to measure the attractiveness of our site and to improve its content and usability. Your information is not subject to further processing and is not transmitted to a third party.
Cookies are small text files that the website sends to and saves on your device. Cookies are saved in the file directory of your web browser. During the next visit of the same website, the browser reads the cookie and forwards information to the website or to the service that had set the cookie.
The retention of non-personal data
The retention of non-personal data is based on the cookie expiration settings. How long we save cookies depends on the type of the cookie. Session cookies expire when you close your tab or your browser. Persistent cookies expire after three months.
The use of non-personal data
Optiweb uses the collected non-personal data to provide advertising related Services to clients. When you provide Cookie consent, the Provider might collect and process (use) your non-personal data for the following purposes:
- to prevent fraudulent activities, such as fake clicks, robots etc.
- to facilitate the process of buying and selling online advertising, including calculating a bidding price
- to analyze and report advertising campaign performance and attribute end users to campaigns, publishers, ads or targeting data
- to decide what ad to show and to show it or not
- to improve advertising experience with assuring caping frequency, optimizing ad sequence, showing relevant display ads in accordance to end user interests, predicting probability that an end user will interact with an advertisement
- for cross-device mapping purposes
- for meeting end user opt-out request
- for synchronization purposes with other online advertising services
- for internal research and development services, developing new features and improving our advertising algorithms.
Opting out from collecting and using non-personal data
You can opt out from collecting and using non-personal data with managing cookies in your browser or on your device.
As an end user you can manage your cookies in your web browser’s settings. Browsers use various methods to limit the usage of cookies. Usually, these options can be found in the Tools or Options menu. You can also read your browser’s Help section.
For opt-out of ad tracking and targeting on mobile, smart TV and similar devices, you should consult device manufacturer to provide you with instructions to block or disable cookies.
IAB Europe standards and regulations for opting out shall be applicable: http://www.youronlinechoices.com.
Your personal information protection
To protect and ensure the security, integrity, and availability of your data and information Optiweb uses several security measures, including encryption and authentication tools.
Although it is not possible to provide complete protection against cyber-attacks when downloading data from the web or the website, we are constantly working to implement physical, electronic and procedural safeguards to protect your data in accordance with the applicable data protection requirements.
Among other things, Optiweb uses the following measures to protect personal data:
- IT systems are protected with a firewall to prevent unauthorized access
- Access of individuals to your information is limited based on the need to know and exclusively for the stated purpose
- Collected data is transferred in an encrypted form,
- We continuously monitor access to IT systems to detect and prevent the abuse of personal data
Rights to delete, rectify or object and other rights
Individuals who want their information permanently deleted from our personal data database should contact us at firstname.lastname@example.org. We assure you that we will delete the data within 15 days and inform you accordingly.
If you change your personal information (postal code, e-mail address, physical address, phone number), please feel free to let us know by e-mailing email@example.com. We assure you that we will carry out your request within 30 days.
Your rights, contact information, and the right to complain
In case you have any questions regarding the protection of your personal data, please email us at firstname.lastname@example.org.
You have the right:
- to request further details on how we use your information,
- to access your personal data and the copies of data you have submitted to us,
- to receive the personal data, you have submitted to us in a structured, widely- used and machine-readable form and to transmit this information without hindrance to another controller when technically feasible if your data is processed based on your consent or contract and is carried out with automated means,
- to request an update of all the inaccuracies in the data we store,
- to request the deletion of all data for which we no longer have a legitimate basis to use
- when your data is processed based on consent and in relation to any type of direct marketing, you may revoke your consent effective from the time of revocation, so we halt the specific processing,
- to object to any processing [including profile creation] based on legitimate interests, because of your particular circumstances, unless our reasons for processing your data have priority over any interference with your data protection rights,
- to require that we limit the way we use your data, for example, as we review a complaint.
If you are not satisfied with the way we use your information or with our response as you exercise these rights, you have the right to appeal to the Data Protection Authority (https://www.ip-rs.si/).
Ljubljana, 16 May 2022