YOOSE is a Singapore based company, serving clients all over the world, including the European Union. As such, we are bound by the General Data Protection Regulation (GDPR) as a Data Processor and as a Data Controller. Even without the new regulation, which goes into effect on May 25th, 2018, YOOSE takes your privacy, and the integrity of your data seriously.
Here are some key changes that YOOSE has made to become more secure:
- We have already been tightening our systems and safeguarding our data, through the enforcement of SSL (Secure Socket Layer) and HTTPS (Secure Hypertext Transfer Protocol, for encrypted web pages) across all of our websites, databases, and internal systems.
- We have migrated our Dashboard AWS server instance to a location in Frankfurt, Germany.
- We have worked to limit avenues of access to our data, through consolidation of systems. The logic is: the less
spread out our data is, the more control we have, and the less opportunities a breach can occur.
- We have implemented a request to delete feature on our platform that will allow owners of the data we hold to
instruct us to remove it from our servers.
- We have made our data retention policy more transparent (see ‘Data Retention Policy’ below.)
- We have researched the compliance of our suppliers, ensuring that we only work with companies that are serious about GDPR. To request documentation of a supplier’s compliance, please contact us at firstname.lastname@example.org.
GDPR defines managers of personal data into two groups: Data Processor, and Data Controller. What is the difference?
Article 4 of GDPR defines data controllers and data processors as below:
(7) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
(8) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
YOOSE, in the relationship with our clients, is a Data Processor, we process advertising data on behalf of our client, designated as a Data Controller.
YOOSE, in the relationship with our suppliers, is a Data Controller, our suppliers, who process data on our behalf, are Data Processors.
1. What Personal Data does YOOSE collect and store?
This data is used to target users on specific types of mobiles advertising campaigns, called ‘retargeting campaigns’. In these cases, YOOSE may collect Advertising IDs, or Device IDs, and Cookies. These identify the user of a mobile device, and allow advertisers to track a user’s interactions with ads, for the purpose of targeting them with more personalised campaigns.
YOOSE will also append meta data: IP addresses, GPS coordinates, gender, sex, and other contextual information, as well as click and impression data as the users interact with ads. YOOSE does not and cannot collect the name, email, home address, identification numbers, or any directly identifiable information of these device owners.
YOOSE collects name, address, phone, email, and bank data on its customers and suppliers for the purpose of fulfilling contractual obligations.
YOOSE DATA RETENTION POLICY
- YOOSE will retain Advertising Data for a maximum of 1 year from the date of collection, unless otherwise specified.
- Contractual Data will be held indefinitely, and may be deleted from our servers upon request.
- Any customer who requests advertising from us may specify and authorise the retention period of their choice in
- We are bound to the terms of each order. At the end of the retention period, our system automates the removal of this data from our servers.
What relationships does YOOSE have with the suppliers that process or store this data?
Data Storage/Management: Amazon AWS and Google Cloud Data Processing for Reporting: Amazon AWS
Ad-Serving/Hosting: Amazon AWS
Data Processing for Ad Placements (Breakdown Tree):
■ Advertiser / Client (does not process data)
■ Demand Side Platforms (DSP)
■ Ad Exchanges
■ Mobile apps
■ Social Networks
2. What Personal Data does YOOSE collect and store?
We transparently disclose how we handle our client’s Contractual Data on each Insertion Order. When the client signs this order, they give us this consent.
For Advertising Data, consent is requested not from YOOSE, but from the publisher where the advertisements are placed, which will be the individual mobile websites (when the page is loaded), or mobile apps (when the app is downloaded from the app stores of Google and Apple), or the social networks (when the user signs up). YOOSE and its suppliers screen these publishers for compliance.
YOOSE DATA PROCESSING DISCLOSURE
To fulfil our contract with clients
- Contractual Data is processed by YOOSE, as a Data Processor.
To measure the performance of campaigns
- Advertising Data is processed by YOOSE, as a Data Processor.
To serve personalised ads
- Advertising Data is stored and managed securely with YOOSE, as a Data Controller.
- Advertising Data is processed through our Demand Side Platform (DSP) supplier, as a Data Processor.
RIGHT TO BE FORGOTTEN
If you believe YOOSE or our suppliers possess your personal data, you can request us to remove it here: request to delete
(Please note that if we are unable to identify you or your data, we cannot fulfil your request)
3. YOOSE Roadmap: What’s next?
- Continued security strengthening of YOOSE databases and applications, to meet future security challenges.
- Continued screening of new suppliers to ensure they are compliant.