zeotap GmbH (“we,” “our,” or “us”) is a data technology company that delivers innovative, device-centric and privacy-led data analytics and advertising solutions across industries.
Our partners (“Data Partners”) are mobile network operators, mobile application providers, media and technology platform and others that have access to certain customer information (“User Data”) that they wish to monetize by using our services. Our services include data analytics and advertising services (“Services”). You can learn more about our Services on our website at www.zeotap.com.
Our clients (“Clients”) are businesses, including brands and agencies (“Advertisers”), owners of media properties (“Publishers”), and other companies that send targeted advertising to mobile consumers. By using our Services, our clients are able to address a particular audience and tailor advertisements to the likely interests and preferences of such audience.
We work to ensure that our Services respect users’ privacy rights. To accomplish this goal, we adhere to privacy-by-design and privacy-by-default principles throughout the process of designing, building, and delivering our Services.
We do not process information that directly identifies a particular individual such as an unencrypted name, address or government-issued ID number. However, whether or not User Data we receive are considered personal or personally-identifiable data depends on, among other factors, the definition that applies in a user’s physical location. For example, in some locations a user’s IP address may be deemed to be personal data, while in others it is not.
By law, we are required to provide you with information regarding
-how and on what legal basis we use and disclose your personal data;
-how we take care for your privacy rights specific to your personal data;
The terms of this Policy apply to all User Data to the extent it contains your personal data as defined in the applicable laws and regulations.
This Policy also does not apply to information collected by our Data Partners or other third parties who may provide information to us, as their information handling practices are covered by their own privacy policies.
This Policy may change from time to time, so please check back periodically to ensure that you are aware of any changes in our processing of your Personal Data. If at any time in the future we plan to use Personal Data in a way that differs from this Policy, we will post Policy edits here and place notices on other pages of the Site as applicable, or by other means if required by law. You are responsible for ensuring that you are aware of the most recent version this Policy. This Policy was last modified on: February 9th, 2018.
The Policy’s wording can be technical; in case you have any questions, do not hesitate to write to [email protected]
Our Data Protection Officer is Pr. Dr. Christoph Bauer, member of the ePrivacy GmbH management team, who can be contacted on [email protected]
We receive the following categories of User Data from our Data Partners:
-mobile advertising device IDs such as Apple’s Identifier For Advertisers (IDFA) and Google Advertising ID (“Advertising ID / Ad ID”);
-hashed email addresses and hashed telephone numbers;
-demographic information like age, gender, city/region, income, language and mobile contract data such as prepaid/postpaid (“Demographic Data”);
-mobile app usage data about apps installed/accessed on a user’s device and app events and browsing data such as browsing URLs (“App Usage and Browsing Data”);
Our Data Partners may collect data directly from users (both online and offline) or receive data from third parties.
We request that our Data Partners provide users with all required information about the use of their data and provide an opt in / opt out option according to applicable laws and regulations.
When we obtain different User Data pertaining to the same device from multiple Data Partners, we aggregate such User Data and store it against the same Advertising ID (“Ad IDs”) or cookie. zeotap also maintains a separate ID inventory, which connects the User Data into a common ID (“zeoID”) and is an internal pseudonymous identifier.
We enhance User Data to create de-identified data segments and aggregate such segments into segment lists or Ad ID / cookie lists based on our Clients’ preferences. We then share such lists with our Clients to enable them to effectively target the relevant users.
We do not interact directly with users or their devices, unless a user sends us a deletion request along with their Ad ID, as described below under “Choice and Control Rights you Have”.
Below we describe the User Data categories in more detail.
Advertising IDs (“Ad IDs”) are user-resettable, unique, anonymized identifiers for advertising. Ad IDs identify a specific device and are implemented both on Apple iOS (“Identifier for Advertising” / “IDFA”) and Google Android (“Advertising ID”).
We obtain Ad IDs associated with de-identified User Data from our Data Partners. Ad IDs are then used by our Clients to identify advertising requests and to deliver relevant advertisements.
We may also use Ad IDs to establish a relationship between different User Data attributes pertaining to the same user. For example, if we obtain User Data that indicates a certain user is between 25 and 30 years old, and later learn from another Data Partner that the user of the same device is interested in a healthy lifestyle, we combine this information against the same Advertising ID (“Ad IDs”) or cookie.
An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply a cookie) is a small piece of data sent from a website and is stored in the user’s web browser while the user is browsing.
We set third party cookies on behalf of Publishers who provide space for the display of advertising within websites.
We use this information to facilitate the delivery of our Clients’ targeted Ads.
Some Data Partners or Clients may provide their offline data such as email addresses and phone numbers. We require that such data are hashed using secure hashing algorithms prior to sharing with zeotap.
We use hashed emails or phone numbers to establish a relationship between offline and online user profiles pertaining to a certain user. For example, our Client would like to run an advertising campaign on mobile devices targeting users whose email addresses and / or phone numbers the Client already has. However, without respective Ad IDs the Client cannot target the desired audience. By comparing hashed email addresses and phone numbers provided by the Client with the User Data we have from our Data Partners, we can match hashed email addresses or phone numbers to Ad IDs corresponding to the same user. As a result, we have a list of Ad IDs corresponding to the list of users the Client would like to target.
We may obtain demographic User Data from our Data Partners, such as:
-user demographics (e.g., age or age range and gender);
-general geographic area of the billing address and zip code;
-predicted or actual income tier;
-other demographic information that was received or collected by our Data Partners.
zeotap uses this information to create demographic segments about users, for example users who are “males, 30 to 34, living in Brooklyn.” We connect segments with Ad IDs so that our Clients can reach their target audiences on mobile devices.
We may obtain App Usage and Browsing Data from our Data Partners, such as:
-apps installed/accessed on a user’s device;
-app events such as purchases or sign-ups;
-browsing data such as Uniform Resource Locators (“URL”s).
URLs are web addresses, a specific character string that constitutes a reference to a resource. Most web browsers display the URL of a web page above the page in an address bar.
We transform App Usage and Browsing Data into aggregated segments based on interests or purchase intent (such as Sports Enthusiast, Health & Fitness Buffs) which are of interest for our Clients.
We may obtain purchase data from our Data Partners, such as:
-items you have bought in stores;
-items you have bought online;
-items you have put in a shopping basket online.
We may receive data from Data Partners about the physical location of a specific device, including latitude-longitude coordinates obtained through GPS tools, Wi-Fi or cell tower triangulation techniques.
The location data we receive from Data Partners may be generalized, non-precise location data, or we may render the location data non-precise, in order to provide generalized location data to our Clients. Our Clients may use inferences from this information to send localized Ads or targeted Ads.
In real-time bidding (“RTB”), Publishers send advertising bid requests (“Bid Requests”) in real-time to Advertisers, indicating that they have an open advertising space (“Impression”) to sell. The Impression is auctioned among interested Advertisers and sold to the highest bidder.
Bid Requests from mobile apps usually contain an Ad ID alongside information such as the IP address, type of the Impression (banner, audio, video), format, app, publisher, device, etc. We collect and use the Bid Request and Ad ID in order to participate in the RTB process on behalf of our Clients.
We render IP-addresses we receive as part of the Bid Requests imprecise to prevent the identification of a user. Our Clients may then use de-identified IP addresses to localize Ads.
Our Services enable our Clients to tailor advertising you see on your mobile device to your interests and preferences. As a result, the number of ads that are not relevant or of interest to you will be reduced. To achieve this goal, we need to process your personal data.
The legitimate interest of facilitating targeted online marketing is our basis for the processing of your data.
Our Data Partners or other third parties who provide User Data to us may use another basis; such as consent to process your personal data and share it with us according their respective privacy policies.
Any processing of your personal data by zeotap is subject to your rights of choice and control as explained below.
We share User Data with the following categories of Clients:
-brands and agencies (“Advertisers”);
owners of media properties (“Publishers”) and -other companies that send targeted advertising to mobile consumers;
-third party data platforms such as Demand Side Platforms (DSPs), Data Management Platforms (DMPs), advertising marketplaces, ad networks etc. (“Data Platform”).
Advertisers and Publishers do not receive access to Ad IDs, Cookies, hashed email addresses or phone numbers. They may only see the list of segments created on the basis of User Data that serve as targeting criteria.
Data Platforms only receive access to segment names and respective Ad IDs or Cookies. They are never granted access to hashed email addresses or phone numbers.
We only share hashed email addresses and hashed phone numbers with Advertisers that wish to match their offline users data to Ad IDs or Cookies to be able to target their customers on mobile devices. Data is not shared on a device specific level, but shared as a list.
Furthermore, we may share your User Data with third party vendors that help us extract valuable insights from raw User Data. For example, if zeotap receives raw app ID like 123456, this information in itself is not useful. Therefore, we use a third party engine to convert the numerical ID to the actual app name (e.g. “Gardening Advice App”) which can be used for the purposes of targeted advertising. Similar engines are used for making sense out of Browsing Data. In all of these processes, only the App Usage and Browsing Data are sent to external vendors who send us back the processed output. No identifiers such as Ad IDs, cookies, hashed email addresses or phone numbers are shared with third party vendors.
We store User Data in data centers provided by third parties.
We also share your User Data information with our affiliates in the USA and India that provide technical support and help zeotap operationally perform the services.
We will also disclose your User Data in response to valid legal processes, for example, in response to a court order, a subpoena or other legal request for information, and/or to comply with applicable legal and regulatory reporting requirements. We also may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or to verify or enforce compliance with the policies governing our products and/or services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. We are required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In addition, we may transfer your information to an entity or individual that acquires, buys, or merges with us, or our affiliates. In these cases, we will require the acquiring company to carry on the material terms of this Policy, including the requests for account deletion.
When we share User Data with the recipients described above, such sharing may constitute a transfer outside of your home location. By law, we are required to ensure that the level of protection guaranteed for your personal data by the European laws is not undermined by such transfer. Some recipients of data may be participants of programs like the Privacy Shield which enables them to ensure the appropriate level of protection. In other cases we enter the EU Standard Contractual Clauses with respective User Data recipients.
We take appropriate technical and organizational safeguards to protect any personal data we receive from theft, loss, and unauthorized access. We follow generally accepted standards to protect personal User Data throughout the entire use cycle starting from the initial transfer until deletion.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.
Your personal data belongs to you. You have the right to erase any User Data that we may have in our systems or restrict its processing. The options to exercise these rights are described below.
-You may opt-out from targeted advertising by selecting the “Limit Ad Tracking” on iOS or “ “Opt-out of interest-based ads”” on Google Android. In this case, we will keep your User Data until you request us to delete it, but we will not use it for targeted advertising purposes, and activity on your mobile device will be effectively invisible to us. You may reset the Ad ID by selecting the option “Reset Advertising Identifier” on Apple iOS or “Reset Advertising ID” on Google Android. This will delete your current Ad ID from your device and replace it with a new Ad ID. As a result, we will not receive any Bid Requests containing the old Ad ID anymore. After a certain amount of time we will delete the old Ad IDs and related User Data. However, we may receive access to your new Ad ID and match it with other User Data we might receive from our Data Partners over time.
-You may opt out by clearing or blocking our cookies in the settings of your mobile browser. In this case, we will keep your data, but we will not be able to use it to target your device when you are browsing mobile websites. However, regardless of the deletion of cookies, your device can still be targeted when you are using apps on the basis of your Ad ID.
-Users may delete data associated with their Ad ID by submitting their Ad ID to our Privacy Team [email protected] We will delete all User Data associated with the submitted Ad ID. This will delete all related data and prevent any future collection and use of data associated with the Ad ID. If we did not have your Ad ID, but had some other data such as cookies, hashed email addresses or hashed phone numbers, we will keep this data unless our Data Partner informs us that these have to be deleted.
Please note that using the above options does not mean you will block mobile advertising but it means that the ads you receive will not be personalized for you.
Apart from the rights to require the deletion of your data or restriction of processing, you have the right to access your personal User Data, to request rectification of your personal User Data, to lodge a complaint with a supervisory data protection authority and the right to data portability. In order to enforce one of these other rights, please submit your request together with your Ad ID to our Privacy Team [email protected]
We retain data until the occurrence of the following events:
-expiration of the retention period according to the zeotap retention policy;
-request from a Data Partner to delete certain User Data; or
-the user submits his Ad ID to us for deletion of associated data.
We do not knowingly collect, use, or share:
-Data about users under the age of thirteen (13); and
-Data about past or current activity on applications directed at children under the age of thirteen (13).
If you are a resident of California, USA resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your PII (as defined by California law) by zeotap or its subsidiaries to a third party for the third party’s direct marketing purposes. You may request this information in writing using the information under “Contact Us” below.
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain online activities, over time and across different websites. We do not honor “Do Not Track” signals.
If you have any questions or suggestions about this Policy and our privacy practices, please contact us at: [email protected]
10178 Berlin, Germany
zeotap GmbH (“zeotap,” “we,” “our,” or “us”) is a data technology company that delivers innovative, device-centric, and privacy-led data analytics and advertising solutions across industries. zeotap is committed to protecting the privacy of visitors to our website www.zeotap.com (the “Site”).
By law, we are required to provide you with information regarding how and on what legal basis we use and disclose your personal data, your privacy rights specific to your personal data, and how you can reach us in case you have any concerns regarding this Policy or the way we are handling your data.
This Policy may change from time to time, so please check back periodically to ensure that you are aware of any changes in our processing of your Personal Information. If at any time in the future we plan to use Personal Information in a way that differs from this Policy, we will post those changes here, or by other means if required by law. You are responsible for ensuring that you are aware of the most recent version this Policy. This Policy was last modified on: February 8th, 2018.
zeotap is the data controller of Personal Information collected via this Site in the sense of European privacy laws. You can find our contact details in the Imprint section linked at the bottom of the website.
If you have any questions or comments, or if you would like to exercise your rights as described below, or if you have a concern about the way in which we have handled any privacy matter, you may contact us at: [email protected]
Our Data Protection Officer is Pr. Dr. Christoph Bauer, CEO of ePrivacy GmbH. You can contact him per postal mail or email at:
Attn. Prof. Dr. Christoph Bauer
Große Bleichen 21,
When you subscribe to our newsletter, write us an email, submit your personal details via our contact form or as part of a job application, you consent to the collection, use and retention of your Personal Information as explained in the Policy.
Personal Information you submit to us includes:
-company you work for;
-Personal Information in the documents that you send or submit to us.
Besides that, we also collect and use certain Personal Information for our legitimate business purposes such as visitor statistics, improvement of this Site, and advertising of our services.
Personal Information we collect without asking for your consent in advance may include:
URL addresses of this Site;
date you visited this Site.
It is always your choice whether or not to provide us with Personal Information. If you choose not to provide the requested information you may not be able to access certain features on our Site. You may access, change, modify or delete your information at any time as described below.
While visiting our Site, you may provide us your Personal Information.
If you subscribe to our newsletter, Newstap, we collect your email address and your choice of the country for which you would like to receive updates so we may send you the newsletter by email.
If you download the case studies listed on our webpage, we collect your first and last name, email address, phone number and organization name so we may send you our newsletter or advertisements.
If you contact us through our Get in Touch page, we collect your name, your company and email address so we can respond to you.
We retain this information as long as necessary for our above mentioned business purposes.
We may share your Personal Information with our subsidiaries outside the European Union. By law, we are required to ensure that the level of protection guaranteed for your personal data by the European laws is not undermined by such transfer, therefore we enter the EU Standard Contractual Clauses with the respective subsidiary.
You can revoke your consent at any time by submitting a request to [email protected]
If you apply for a job on the Site, we collect your first and last name, email, phone number, citizenship, work permit information, education level, employment history, salary history and any Personal Information you choose to submit on a cover letter, recommendation letter or CV (“Application documents”). We use this information to assess your qualifications for open positions and to contact you for further information if we deem it necessary. We may retain your information to assess your qualification until the position is filled or, in case you explicitly agree to it while applying, in our Talentpool for no longer than 24 months in order to contact you about other potentially suitable job positions.
By submitting your Application Documents you explicitly agree that your information may be transferred to our subsidiaries and vendors (such as applicant tracking software provider) outside the European Union. By law, we are required to ensure that the level of protection guaranteed for your personal data by the European laws is not undermined by such transfer, therefore we enter the EU Standard Contractual Clauses with the respective subsidiary.
You can revoke your consent at anytime by submitting a request to [email protected]
When you visit the Site, we use “cookies.” A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It allows the website to remember your activities and preferences (such as login, language, font size and other display preferences). Cookies do not typically contain any information that personally identifies a user but, Personal Information that we may store about you, may be linked to the information stored in and obtained from cookies.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until it reaches its expiry date, or it is deleted by the user before the expiry date; a session cookie, instead, will expire at the end of the user session, when the web browser is closed.
On our Site we use the following cookies:
These cookies set by a third party (DoubleClick) and are used for serving targeted advertisements that are relevant to you across the web. Targeted advertisements may be displayed to you based on your previous visits to this website. For example, advertisements about a topic you have expressed an interest in while browsing our Site may be displayed to you across the web. In addition, these cookies measure the conversion rate of ads presented to the user. For more information, please visit www.google.com/policies/privacy/partners/. If you wish to disable DoubleClick cookies on your browser please visit this website.
These are first-party cookies that are used to analyse the use of our website. We use the information for the sites analytics reports and to improve the Site. The cookies collect information in an anonymous form, including the number of visitors, session and campaign data.
For more information, please visit www.google.com/policies/privacy/partners/.
If you wish to disable Google Analytics on your browser, please visit: http://tools.google.com/dlpage/gaoptout
‘wfvt’ – Cookies contain information about your general geographic location (used to remember your time zone, for example).
‘wordfence_verifiedHuman’ – Cookies are used to protect the site against malicious attacks. This is a strictly necessary cookie.
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
If you disable your web browser’s ability to accept cookies, you will be able to browse the Site, but will not be able to access or take advantage of all the features and services on the Site.
We do not disclose your Personal Information to third parties for direct marketing purposes.
We may disclose your Personal Information in the following cases:
We may disclose your Personal Information to third party vendors who help us operate the Site. These third parties are obligated to comply with applicable data protection laws and applicable regulations.
We will disclose your information in response to valid legal process, for example, in response to a court order, a subpoena or other legal request for information, and/or to comply with applicable legal and regulatory reporting requirements. We also may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or to verify or enforce compliance with the policies governing our products and/or services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. We are required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In addition, we may transfer your information to an entity or individual that acquires, buys, or merges with us, or our affiliates. In these cases, we will require the acquiring company to carry on the material terms of this privacy statement, including the requests for account deletion.
We take appropriate physical, technical and organizational safeguards to protect any Personal Information from theft, other loss, misuse, and any unauthorized access, copying, collection, use, disclosure, alteration or destruction. We follow generally accepted standards to protect the Personal Information throughout the entire use cycle starting from the initial transfer till deletion.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.
Our Site is directed to individuals who are the age of majority or older in their jurisdiction. We do not knowingly collect, use, or share:
-Data about users under the age of thirteen (13); and
-Data about past or current activity on applications directed at children under the age of thirteen (13).
If you believe your child has provided information to the Site, please contact us using the information provided below.
If we learn we have collected or obtained Personal Information of individuals under 13, we will delete that information.
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us once a year, free of charge, information about the Personal Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to as listed below. We currently do not honor Do Not Track signals.
You may at any time ask for the deletion, review, or rectification of your Personal Information by contacting us using the contact information provided by this Policy. You may also ask us to limit or suspend the use and processing of your Personal Information when:
-you request us to verify the accuracy of your information,
-our use of your Personal Information is unlawful, but you do not want such information to be deleted, and
-we no longer need your Personal Information, but you need this information for the establishment, exercise or defence of legal claims.
Upon your request, we will deactivate or delete your account and contact information from our active databases, consistent with the Site’s functionality. Such information will be deactivated or deleted as soon as practicable based on your account activity and accordance with our deactivation policy and applicable law.
You may also request us to provide you your Personal Information in a structured, commonly used and machine-readable format or to transmit this information to another company or individual.
Apart from the rights described above you have the right to lodge a complaint with a supervisory data protection authority.