Privacy Policy
Version: February 2024
1. General information – Who processes your data?
Goldbach neXT AG supports the sub companies of Goldbach Group Ltd (hereinafter collectively 'Goldbach') from the evaluation through to the implementation, training and maintenance of all digital advertising technologies. No matter if these are SSP or DSP, ad servers, order entry systems or reporting tools. Goldbach neXT AG is responsible for and develops the central data management, target group, user-centred, and cross-media product development and offers planning, scheduling, ad management and programmatic buying in the area of digital media channels as an internal service provider for all entities of Goldbach Group Ltd.
Goldbach neXT collects and processes data as a data processor on behalf of the Goldbach sub companies. Our clients have privacy policies in which they provide information on the legal basis and purposes of the data collection, data security and your options as a user. In this Privacy Policy, when we refer to the processing of your personal data, we mean any handling of your personal data on behalf of the Goldbach sub companies. This could include gathering, storing, administering, using, transferring, disclosing, as well as deleting your personal data.
Protection of personal data is of particular concern to Goldbach neXT. We believe that secure, protected and respectful procedures in dealing with user information are essential for the success of our company and the growth and viability of the Internet as a whole. We are a member of IAB Europe, the professional association of the European digital and interactive marketing industry (‘IAB’).
The Goldbach Group is a registered member of the IAB Transparency and Consent Framework 2.2 (Vendor ID 580) and adheres to the guidelines specified for the same. IAB TCF 2.2 is an industry standard that enables all digital market participants (publishers, advertisers, technology service providers, etc.) to inform end users about the processing of their personal data and to give them the option to consent or object to it. See Section 11 for further information.
We only process your personal data (hereinafter ‘data’) in accordance with and on the basis of the statutory provisions of Switzerland’s Bundesgesetz über den Datenschutz vom 25. September 2020, SR 231.1 (Federal Act on Data Protection of 19 June 1992, hereinafter ‘DSG’) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter ‘GDPR’).
2. When do we process your data?
We process your data whenever we are in contact with your end device. This may be the case if you
- use a website or app marketed by Goldbach,
- use the HbbTV and CTV features of your smart TV on a TV channel marketed by Goldbach; or
- interact with a DOOH screen (digital billboard) marketed by Goldbach.
3. What data do we process?
The data we collect is not intended to identify you with your name, address, etc., as this is not necessary for the purpose of personalised advertising. On the contrary: The data collected about you (see below) is assigned to an identification number on your end device – i.e. your mobile phone, tablet, smart TV, etc. Therefore, the data collected is so-called pseudonymous data and as such cannot easily be attributed to a person.
The following information may be the subject of our data collection
- Device IDs (device identifiers, IP addresses, hashed e-mail addresses)
- Information about your use of the online platforms marketed by Goldbach (websites, mobile apps, CTV/HbbTV apps, DOOH screens)
- Geolocation data (only with your consent)
- Based on the information we collect about your use of the online platforms marketed by us, we create interest profiles. However, these are still assigned to a pseudonymous device ID.
- The privacy settings configured by you (opt-in, opt-out) – so that we know which parts of your data we may process for which purposes and which we may not
4. For what purposes do we process your data?
The purposes for which your data is processed are determined by our clients (see Section 1). In addition to the primary purpose of delivering to your end device use-based advertising that is relevant to you, this also includes the following purposes:
- Reporting to Goldbach advertising customers – We process data in order to demonstrate to Goldbach customers how advertising recipients have interacted with their advertising media (qualitatively and quantitatively).
- Frequency capping – we process data so that you do not have to view the same advertisement too often
- Combatting ad fraud – We process data to combat unfair activities of participants in the advertising industry
- We also process data for market research purposes
5. With whom do we share the data?
We (Goldbach neXT) process your data as contractors of Goldbach – i.e. the Goldbach sub companies, which engage us to process your data for the purposes specified by them. The Goldbach sub companies are jointly responsible for the processing of data under data protection law. Therefore, they are the recipients of the data and have control of it.
In addition, we use sub-service providers to provide our services. Although they may have access to some of the data, they may only process it in accordance with our instructions. It is contractually stipulated that, inter alia, they may not under any circumstances process data they receive from us for their own purposes. More information on our sub-service providers can be found below in Clause 5.1.
Should another company acquire all or essentially all of the assets of our company due to consolidation, merger, acquisition of assets or other transactions, we retain the right to transfer to the purchasing party all data (including personal data) that is in our possession or administered by us.
Finally, it is possible that an advertising customer of the Goldbach sub companies will place additional tags on its advertising materials that enable it to collect data when these materials are delivered. However, this does not constitute a disclosure of data collected by Goldbach. The advertiser itself is responsible for this data-collecting operation. Moreover, Goldbach cannot affect the use of such tags, nor is Goldbach involved in the technically successful implementation of these tags. Should this happen, the advertising customer will be identified on the Consent Management Platform of the publisher whose website the advertisement is posted on, and you can object to this data collection. Goldbach works exclusively with advertisers that are registered in the IAB Transparency and Consent Framework.
5.1. Our sub-service providers
We use technical sub-service providers in performing our tasks. A list of our sub-service providers can be found here.
To the extent the companies listed in the above link process data on behalf of Goldbach neXT, each of them has concluded a data processor agreement with us. This type of agreement ensures that the provider processes the personal data transferred to it only in accordance with our instructions and not for its own purposes and that the provider takes appropriate technical and organisational measures to ensure your data is protected as required by law. Should a service provider be located in a country that does not guarantee an equivalent standard of data protection as Switzerland or the EU, we shall conclude additional agreements with them (e.g. EU standard contractual clauses) and require them to take further technical and organisational security measures (e.g. encrypted data transmission and storage or the duty to provide information in the event of disclosure of the data to the authorities). The detailed privacy policies of the providers can be found in the above link.
6. How do we collect your data?
Your data is collected in particular using cookie technology or, in the case of mobile and HbbTV apps, for example, via API interfaces. Cookies are placed on your device by us or our sub-service providers.
6.1. What are cookies?
Cookies are small text files that a browser places on the hard drive of the device used by a visitor to a website or app (hereinafter ‘user’), where they are stored for data collection purposes. When you as a user visit a website marketed by Goldbach, our systems or the automated systems of our service providers (e.g. ad servers, data management platforms) utilise cookies to collect usage data regarding your visit to this website and may use third-party cookies beyond the specific domain, as well. These text files may contain information that can be read again at a later date.
First-party cookies are cookies that are associated with a particular domain (e.g. a website). Only this domain can write information in the cookie and read it again at a later date. First-party cookies are primarily used to provide users with a better, faster browsing experience on a website, as, e.g. certain settings configured by the user are stored in the cookie and do not need to be entered every time the user re-visits the site.
Third-party cookies are cookies that originate from a domain other than that of the website. Third-party cookies are generally used by our technology service providers or advertising customers (see above). Since advertising customers ('advertisers') normally wish to run their advertising campaigns across multiple domains or websites, third-party cookies enable them to recognise users on different domains and to store information in the third-party cookie. Should a user visit a website, for instance, the service provider that supplies an advert will place a third-party cookie on the user’s computer. The cookie can be used to track user data such as site visits and duration. Should the user later visit another website which contains an advert from the same advertising network, the same cookie will be used even though it comes from a different website, as the third-party supplier is the same in this situation. This means that the advertising network can follow the user beyond the limits of the domain and deliver targeted advertising to them.
Depending on the type and purpose of the cookies, the length of time for which they remain on your end device may be limited to the duration of your visit to the website or may extend over up to 6 months.
6.2. Your handling of cookies
You can delete cookies at any time through the settings in your web browser. You can also change the settings of your web browser and block all cookies. However, because cookies are also used for the purpose of website functionality, blocking them from your web browser can restrict your usage of different websites.
With all operators of online platforms that participate in the IAB Transparency and Consent Framework (TCF), including the Goldbach website, you will find something called a Consent Management Platform. This is a control interface, usually in the form of a (cookie) banner, in which you can configure your privacy settings. Here you can view, allow or prohibit the use of (first-party and third-party) cookies for various purposes. All Framework participants, including Goldbach, will comply with your settings.
Please note that the storage of the privacy settings you have configured as described above may be based on cookie technology (this varies from one online portal operator to another). For users who use multiple computers or browsers, this means that cookies must be deactivated for each computer and browser. When users switch computers or delete cookies from their computers, they must repeat the deactivation process.
6.3. API interfaces
An API interface is a programming interface that allows one software application to communicate with another one. Specifically, this means that information about the use of, e.g. a mobile or HbbTV app via this type of interface may be received by our suppliers that process information on our behalf for the above-mentioned purposes.
As a rule, you can control the extent of data collection via the API interface within the app, similar to a Consent Management Platform on websites (see above).
7. How long do we retain data?
We retain your personal data for as long as we consider necessary or prudent for compliance with applicable legislation or as long as it is required for the purposes for which it was gathered. We delete your personal data as soon as it is no longer required and always upon expiry of the maximum retention period mandated by statutory provisions.
8. How do we protect your personal data?
Goldbach and our service providers have technical and organisational security procedures in place to ensure the security of your personal data and to protect your session data and personal data against unauthorised or unlawful processing and/or against unintended loss, alteration, publication or access.
9. You have control of the scope of the processing of your data and a right to transparency
You have the right to opt out of data processing, particularly if we process your personal data based on a legitimate interest and the other applicable requirements are met. Furthermore, you may opt out of data processing in relation to direct marketing (e.g. advertising emails) at any time.
Provided that the relevant applicable requirements are met, and no statutory exceptions apply, you also have the right to information, rectification, erasure, restriction of data processing, and the right to receive the personal data provided by you in a commonly used format. Moreover, you have the right to revoke prospectively any consent you have given to us.
- Right to information: You have the right to be informed as to how we process your personal data and as to your rights in relation to the processing of your personal data. We fulfil this obligation by publishing this Privacy Policy. If you would like further information, please do not hesitate to contact us.
- Right of access: You have the right to request access to your personal data stored by us at any time. This gives you the opportunity to check which personal data we process about you. In individual cases, the right of access may be restricted or excluded, particularly if there are doubts as to the identity concerned or if this is necessary for protecting other persons.
- Right to rectification: You have the right to have incorrect or incomplete personal data rectified or completed, or to have it supplemented with a note about the objection, and to be informed of the rectification.
- Right to erasure: You have the right to request the erasure of your personal data if the personal data is no longer necessary for the purposes pursued, you have validly revoked your consent or have validly opted out of the processing, or if the personal data is being processed unlawfully. The right to erasure may be excluded in individual cases, particularly if the processing is required in order to exercise the right of free expression or to enforce legal claims. We may also anonymise personal data so that it is no longer available. Please note that, even after you have requested the erasure of your personal data, we must retain it in some instances in accordance with our statutory or contractual retention duties. In such cases, we will only block your personal data to the extent required for this purpose. Furthermore, an erasure of your personal data may mean that you can no longer obtain or use the services registered by you.
- Right to restrict processing: Under certain conditions, you have the right to request that the processing of your personal data be restricted. This may mean, for instance, that the processing of personal data is (temporarily) discontinued or that published personal data is (temporarily) removed from a website.
- Right to the surrender or transfer of data: You have the right to obtain from us the personal data that you have provided to us in a structured, commonly used and machine-readable format if the specific data processing is based on your consent or is necessary for the performance of the contract and the processing is performed through automated processes.
- Right to revoke consent: If we process your personal data based on consent, you have the right to revoke your consent at any time. The revocation shall apply only for the future; however, past processing activities based on your consent are not rendered unlawful by your revocation. We reserve the right to continue to process personal data on a different basis in the event of a revocation of consent.
You may contact us as described in Section 11 if you wish to exercise one of your rights or if you have any questions about the processing of your personal data. You can also unsubscribe from newsletters and other promotional emails by clicking on the relevant link at the end of the email.
You are also free to lodge a complaint with the appropriate supervisory authority if you have any concerns as to whether the processing of your personal data is legally compliant.
The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
10. Changes to this Privacy Policy
This Privacy Policy may be amended over time, in particular if we further develop our website, implement new technologies, or if new legislation becomes applicable. In the event of significant changes, we will actively inform persons registered with us of such changes by contacting them at the email address provided during registration or by posting a corresponding notice at an appropriate location, where this is possible without disproportionate effort. In general, the Privacy Policy in the version current at the start of the processing in question applies to data processing in each case.
The original Privacy Policy is in German. The translated versions are for ease of comprehensibility only. In the event of discrepancies, the German text shall prevail.
11. Contact
If you have any questions, concerns or comments about the processing of your personal data or this privacy policy, please contact us by e-mail or mail at:
Goldbach Group Ltd
Seestrasse 39
CH-8700 Küsnacht (Canton of Zurich)
Switzerland
Email: [email protected]
If you contact us using a form on the website or by email, we will store the details you enter for the purposes of processing your query and in the event of follow-up questions, for a period of six months. We will not disclose this data without your consent.
Data Protection Officer:
Goldbach Group Ltd
Seestrasse 39
CH-8700 Küsnacht ZH
Switzerland
For requests from the EU area, you can contact our representative (Art. 27 GDPR):
ePrivacy GmbH
Burchardstrasse 14
20095 Hamburg
Germany
www.eprivacy.eu/en