Last Updated: September 20, 2020
Purple Patch. (“Purple Patch” or “we”, “us”, “our”) is a technology company that creates and delivers advertisements to mobile & desktop devices. This privacy statement (“Policy”) explains what kinds of information we collect and how Purple Patch strives to collect, use and disclose information in a manner consistent with the laws of the countries in which we do business. This Policy applies to our advertising platform (“Platform”) our advertising mediation service (“Service”) as well as our website located at https://purplepatch.online/.
Purple Patch is committed to protecting the privacy of advertising users accessing the Platform, visitors to our Websites, and other Internet users (“Data Subjects” or “you”, “your”). If you have any concerns about this Policy or your privacy when your business or mobile device accesses our Service, please send an email to firstname.lastname@example.org and we will try to address your concern.
Purple Patch collects personal data in the course of our business. The definitions of personal data vary depending on the laws where you are located. For example, in the European Economic Area (EEA), personal data is defined broadly, and would include PII and Pseudonymous Identifiers (defined below). California’s privacy law defines personal information broadly, and would include PII and Pseudonymous Identifiers. Purple Patch will explain the different types of personal data below, and will try to be clear when we’re describing our use of each throughout this Policy.
PERSONALLY IDENTIFIABLE INFORMATION (PII)
Purple Patch collects personally identifiable information (“PII”) when you choose to provide it to us. PII is any information that specifically identifies or locates a particular person or entity. We receive and store any PII you provide to us. The types of PII collected includes your name, postal address, telephone number, email address and other PII that you choose to provide on a particular data collection form. For example, you may choose to send PII about yourself in an email, by completing an online form on the Websites, by inquiring about employment or applying for a job at Purple Patch or by signing up for our service or e-newsletter. You may also provide us with PII in order to set up an account with us. Purple Patch uses this information for our reasonable business purposes, including to contact you to respond to your inquiry, to provide the service requested or to maintain your account with us. We may share your PII with partners such as advertising supply-side platforms as necessary to facilitate the Service. Once obtained, Purple Patch will store your PII for as long as needed to provide services and for a reasonable time thereafter for record keeping purposes.
In order to find the most interesting and valued advertising messages, Purple Patch collects pseudonymous identifiers. Pseudonymous means that we don’t know your identity as a natural person, but it helps us collect and make use of other personal data to better understand your interests and preferences. We describe this further in the “Other Personal Data” section below.
The pseudonymous identifiers include Google Advertising ID, Apple Identifier for Advertisers, and IP address.
OTHER PERSONAL DATA
Purple Patch also collects other personal data from our Websites such as Web pages viewed, browser type, Internet browsing and usage habits, Internet Service Provider, domain name, the time/date of your visit to the Websites, the referring URL and your computer’s operating system.
In our Service and Platform we collect information from and about mobile apps that display ads, the specific ads viewed, interactions and transactions within ads or apps, the time/date of these events, mobile device type and characteristics, and mobile service provider.
We may use a third-party analytics provider to help us collect and manage this data. We use this information to help manage and improve your experience on our Websites or with our advertising Service.
In some cases, a mobile application may allow you to grant permission to send us location data such as latitude and longitude, and we may also store and process that in order to help deliver ads based upon the location of your mobile device. We have described our uses further in the section “Overview of Purple Patch’s Platform & Services” below.
NO SENSITIVE PERSONAL DATA
Purple Patch does not collect sensitive personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, nor does it process genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
On our Websites, we may utilize “cookies” to automatically collect information about visitors to the Websites. Cookies are alphanumeric identifiers that reside within your browser and that allow us to recognize your browser and tell us how and when pages on our Websites are visited and by how many people. Our cookies do not collect PII. You may be able to change the preferences on your browser to prevent or limit your computer’s or mobile device’s acceptance of cookies, but this may prevent you from taking advantage of some features of the Websites. We may also collect information on our Websites using Web “beacons.” Web beacons are electronic images used on the Websites or in our emails. We use web beacons to deliver cookies, count visits, understand usage and activity on the Website and to tell if an email has been opened and acted upon. For more information about cookies and web beacons, please visit http://www.allaboutcookies.org/cookies/.
For more information about the cookies we use, please see our cookie declaration page.
We also partner with Google Analytics to learn more about how you use our website – under CCPA, this may be considered a sale. For more information about how Google Analytics works you can visit this link. To opt-out of Google Analytics, you can visit here and follow the instructions.
CONTROLLING OUR USE OF DATA
You can always opt not to disclose certain data to us, but keep in mind all of the data we collect is needed to take advantage of some features of the Websites or to help us find the most interesting and relevant advertising messages to share with you while you are using apps developed by our Publishers. You may request deletion of your data using one of the online forms below. If you have questions or other requests regarding your data, you may send those via e-mail to email@example.com.
Purple Patch’s Platform & Services
Purple Patch provides an advertising network and technology platform (“Platform”) and advertising mediation service (“Service”) to connect mobile application and site publishers (“Publishers”) with advertisers (“Clients”). Our Platform facilitates the efficient serving of targeted advertisements with Publishers by collecting information across multiple non-affiliated Publishers. The Service helps publishers fill their inventory of available advertising slots via our third-party partners. Our Platform obtain this pseudonymous personal information to deliver, tailor, and report on the ads being run across our Platform and Service by our Clients. The Service mostly acts as an agent of our Publishers and transfers pseudonymous personal information from our Publishers to third-party partners so they may help those Publishers deliver, tailor and report on the ads being run.
INFORMATION COLLECTED BY OUR TECHNOLOGY PLATFORM
In the course of running our Platform and Services, we collect information from Publishers and use such data for a number of purposes.
- Our technology Platform collects and uses personal data, including but not limited to: the name of the Publishers on which the advertisement is served, the IP address used to access the Internet, device advertising identifiers (Google Advertising ID, Apple Identifier for Advertisers), the type of phone or other mobile device used (e.g., iPhone, iPad etc.), the operating system (Android, iOS), the date and time a particular ad is served, whether one of the ads we facilitate was delivered and, if applicable, a record if that ad was “clicked” or if it originated from a follow-up action to a third party such as a “conversion” event. We also collect personal data to help us optimize and/or refrain from advertising for a mobile application that has already been downloaded onto a device.
- Our technology Platform also collects and uses precise location data about a device from mobile applications and advertising exchanges and may match the device location to certain residential or commercial points of interest such as a “neighborhood”, “coffee shop” or “Sports arena” for interest-based advertising, ad targeting, analytics and market research purposes.
- We sometimes work with third-party data partners and advertising exchanges to enhance our advertising and targeting capabilities on the Platform. As determined by our partners’ business and privacy policies, we may also receive and retain information from partners’ Publishers including but not limited to: the current location of the device, third-party applications on the device or in use at the time of our advertising transaction with the device, the Users age, gender or other demographic indicator, and we may use or derive data obtained from third parties such as approximate location based on IP address to help match data sets, although such data is processed outside of our Platform. We also collect Pseudonymous Identifiers and other personal data over time and across multiple Publishers and use that information to provide reports to advertisers and others and to help us display advertisements that may be of interest to Users. Based on the privacy rules of the site or application owner and their business agreement with Purple Patch, we may integrate this Information with that acquired from other Publishers and third-party data providers. This information is then used to deliver advertisements and promotional information to the specific device identified based on the User’s online behavior or interests. This activity, called online behavioral advertising or interest-based advertising, is currently limited to our advertising on mobile applications.
Purple Patch complies with the Digital Advertising Alliance (DAA) Self-Regulatory Code.
Choices Regarding Ad Targeting And Data Use
Purple Patch offers multiple-choice mechanisms that enable Users to opt-out of Purple Patch’s use of information for interest-based advertising as well as certain uses of precise location. We do not currently respond to browser-based Do Not Track signals because our Platform and Service operate primarily in the mobile application advertising space, and Do Not Track is browser based. Please note that you will continue to receive advertising after you opt-out, but it may not be tailored to your interests. Please also note that our opt-out mechanism is browser or device specific. Therefore, if you use multiple browsers / devices you will need to perform the opt-out operation for each browser or device. Certain devices and device configurations may prevent our opt-out from operating correctly. Persons located in the European Economic Area have the right to object to our processing of their personal data and/or revoke their consent as described below.
OPT-OUT FROM OR OBJECT TO OUR INTEREST-BASED ADVERTISING AND/OR OUR SALE OF PERSONAL INFORMATION
We honor Apple “Limit Ad Tracking” and Google Opt out of “Ads Personalization” device settings. When we see those setting enacted on a mobile device, we treat that setting as a request to opt-out from interest based advertising and a request to opt-out from Purple Patch’s sale of data to third parties. Purple Patch works very hard to respect privacy and personal data and sees these global tools as having a damaging effect on your experience with advertising. There will always be advertising, so we believe that the best world is one where that ads are relevant to your interests and where you have granular control over which ad networks you trust with your personal data, not a tracking block for all ad networks.
Purple Patch provides this granular control through special integration with the AdChoices icon in our ads. In order to properly opt-out of Purple Patch ads, first, on Apple (iOS) please TURN OFF “ Limit ad tracking ” or on Google (Android) TURN ON “ Ads Personalization ”. Then, when you see the AdChoices icon on one of our ads, tap on the AdChoices icon, and you will be directed to this page. For your convenience, the form (below) to opt out of interest-based advertising will be prefilled with your advertising ID and IP address. Finally, click submit to revoke the consent we have claimed to store and process your data by legitimate interest. (See “Special Data Protections by EEA Data Subjects”)
Regardless of how you choose to share your preferences for interest-based ads tracking, for devices where we are able to see that an opt-out selection has been made, we will stop tracking your activities for the purposes of serving interest-based advertising.
PRECISE LOCATION CHOICES
If you’d like to adjust your choices regarding the use of precise location data by third parties such as Purple Patch, you may do so via your device settings. For your convenience, we provide links to instructions for both Apple iOS and Android devices. Also, most mobile applications that collect precise location information offer mechanisms to control the collection and use of precise location information. Please note that these choice mechanisms won’t impact previously collected precise location information.
OPT-OUT FROM OUR PARTNER’S INTEREST-BASED ADVERTISING
Many of our partners that enable targeted advertising are members of one or more digital advertising industry self-regulatory programs. You may click below for the Network Advertising Initiative (“NAI”), Digital Advertising Alliance (“DAA”) and European Digital Advertising Alliance (“eDAA”) opt-out tools to learn more about targeted or interest-based advertising and to opt out of certain targeting programs.
ONWARD TRANSFER OF YOUR PERSONAL DATA
Purple Patch may share personal data with trusted partners. These third party contractors are prohibited from using the information for purposes other than performing services for Purple Patch. The categories of third-party service providers used by Purple Patch include: a) cloud computer, data storage and file storage providers, b) email marketing providers, c) website and b2b sales analytics providers, d) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, e) customer billing systems partners, f) login authentication providers to ensure that the logins to our systems are working efficiently, g) social media platforms for advertising and marketing purposes, h) outsourced computer programmers helping ensure our systems are operating properly, i) auditing, debugging and security vendors.
Processing Purposes – We provide our Clients with information about how many Users view or click the advertising served using our Platform. Similarly, we may share personal data with the Publishers on which we serve ads in order to optimize and report on the delivery of those ads. We may share information with ad networks, advertising exchanges, ad agencies in connection with the Platform in Service for the business purpose of facilitating and targeting advertising campaigns. This information cannot be used to contact or identify any person individually, but may be considered personal data in some jurisdictions.
Finally, Purple Patch may transfer information, including any personally identifiable information, to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If Purple Patch is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via a notice on our Websites of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data. In the context of an onward transfer, Purple Patch is responsible for the processing of personal data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Privacy Shield organization shall remain liable under the Principles if its agent processes such information in a manner inconsistent with the Privacy Shield Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Consent to Worldwide Transfer and Processing of Personal Information
Data security – The security of your information is important to us. We have implemented reasonable security measures to protect the information in our care, both during transmission and once we receive it. However, due to the inherent nature of the Internet as an open, global communications means, we cannot guarantee that your information, during transmission through the Internet or while stored on our Platform or otherwise in our care, will be absolutely secure from intrusion by others, such as hackers. If you contact us by e-mail, a “contact us” or a similar feature on our Websites, you should be aware that your transmission might not be secure and that a third party could view information you send by these methods in transit.
Children – Purple Patch adheres to the Children’s Online Privacy Protection Act (COPPA) and the children’s privacy provisions of the General Data Privacy Regulation in the EU. We do not knowingly create nor use any interest-based advertising segments of children under 13 as part of our Services. Our Websites are not directed at children under the age of 13. If we are made aware that we have received PII from someone under 13, we will use reasonable efforts to remove that information from our records. Where applicable law raises the age range from 13 to 16, Purple Patch complies with those laws.
Data Integrity, Purpose Limitation – We process information in a way that is compatible with and relevant for the purpose for which it was collected as described above. To the extent necessary for those purposes, we take reasonable steps to ensure that any information in our care is accurate, complete, current and reliable for its intended use.
Data Retention – We store PII such as email address, telephone number or billing details for as long as you continue to have a business relationship with Purple Patch and for a reasonable time thereafter for record keeping purposes or as required by law. You may ask us to delete that information by following the instructions in “Access or Deletion” section. Where we store PII you provide on our Websites as a Publisher or Client as described in “Personally Identifiable Information (PII)” section above, we use and retain such PII only as you direct.
We store Pseudonymous Identifiers such as device identifiers, IP addresses, as well as other personal data and cookie IDs so long as our systems continue to encounter a particular User. We retain raw information associated with Pseudonymous Identifiers that we have collected for up to 13 months, after which time the raw information is deleted and any remaining information is anonymized or aggregated with no residual personal data.
Your Data Access Rights
- If you are a Client or Publisher (i.e. a User with an account on one of our Websites), you have a right to access to your personal data and you may update, correct, or delete your account information and email preferences at any time by logging in to your account and changing the information on file or by e-mailing Purple Patch at firstname.lastname@example.org with your request.
- If you are an ad User (i.e. you view ads delivered by our advertising Service or Platform), you may request to “know” (i.e., see) your personal data (which you can use to port your data to another provider), request that we “forget” (i.e., delete) your personal data by selecting the appropriate form below and submitting your request. By submitting your request below you also consent to our storing and processing that personal data so that we can fulfill your request. California and EU data subjects may enjoy additional rights and protections as described below.
- Similarly, if you’ve provided us with PII via the Websites and you don’t have ready access to an account, you may send us an email at email@example.com.
- To protect your privacy and security, we take reasonable steps in all cases to verify your identity before granting Users profile access and we will respond / comply within 30 days.
Special Data Protections for California Data Subjects
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) provides additional privacy protections for California data subjects and users, including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to opt-out of the sale of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales of your information). We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law.
You may access those rights with respect to Purple Patch by completing the data subject access request form (below). As a California data subject, if you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you. We will attempt to confirm your request within 10 days and make a good faith attempt to fulfill your request within 45 days.
The CCPA defines personal information broadly and as such, it includes pseudonymous identifiers such as cookie IDs and mobile advertising IDs. The CCPA also defines the sale of personal information broadly and as such Purple Patch is considered to have sold the categories of information we collect via the Platform over the past 12 months.
We may take reasonable steps to verify your request. We will fulfill requests we are able to verify so long as we are not prohibited from doing so by applicable law and/or the information is not essential for us for billing, fraud prevention or security purposes. We will share our reason(s) for denying your request in the event that we are unable to fulfill your request.
You may make an access or deletion request via an authorized agent by having such agent follow the process below. Please note that we may request that any authorized agent demonstrate that they have been authorized by you to make a request on your behalf. We require any authorized agents to provide us with contact details such as an email address and phone number so that we may ensure a timely response.
Special Data Protections for EEA Data Subjects
As of 25 May 2018, the General Data Privacy Regulation (“GDPR”) affords additional rights to EEA data subjects. As an EEA data subject, you have the right – partly under certain conditions:
- to request information about the processing of your data free of charge, as well as the receipt of a copy of your personal data. You can request information on the purposes of the processing, the categories of personal data being processed, the recipients of the data (if they are passed on), the duration of the storage or the criteria for determining the duration;
- to correct your data. Should your personal data be incomplete, you have the right to complete the data, taking into account the processing purposes;
- to delete or block your data. Reasons for the existence of a cancellation/blocking right can be, among others, the revocation of the consent on which the processing is based, the data subject objects to the processing, the personal data were processed unlawfully;
- to restrict the processing;
- to object the processing of your data;
- to revoke your consent to the processing of your data in the future, and;
- to complain to the competent supervisory authority about inadmissible data processing.
As an EEA data subject, you may invoke the above rights regarding the personal data processed by Purple Patch by completing our EEA data subject access request form (below). Moreover, with respect to EEA data subjects, personal data includes Pseudonymous Identifiers such as an IP address, a mobile advertising ID or a cookie ID.
Legal Bases for Processing – Where Purple Patch is a controller of data (e.g., via most of our advertising Services), the legal basis will be both legitimate interest (Art. 6 (1) f) GDPR) and consent (Art. 6 (1) a) GDPR) depending on the type of information subject to processing and the information we receive from upstream partners. We may also process data for the performance of a contract with you (Art. 6 (1) b) GDPR).
Where we rely upon legitimate interest, we have assessed the processing is not high risk, does not involve the processing of sensitive data and will not violate fundamental human rights. (See a more detailed explanation in the “Legitimate Interest” section below.) In the event that Purple Patch is a processor of data, the legal basis for processing such data is determined by Publishers and/or our Clients.
Where Purple Patch receives from an EEA data subject a request to cease processing of data via one of the choice mechanisms listed above, Purple Patch will stop all data processing with respect to the opted out device except in the routing or grouping of the data in order to complete an advertising request or unless such processing is required by law. (See “Contact Information” section for Purple Patch’s data protection officer and EU Representative.)
Cross-Border Data Transfer into the United States
Purple Patch has assessed that it has legitimate interest in the collection of this information pursuant to 6(1)(f) of General Data Protection Regulation (GDPR). In our assessment, we believe that all data processing currently engaged upon via the Purple Patch Marketplace falls under the “legitimate interest” legal basis. A summary of our rationale is as follows:
- Pre-internet, digital publishers were able to monetize their audience subscription lists for direct marketing purposes utilizing legitimate interest, and advertisers were able to use that data for direct marketing purposes on the same basis. Data subjects typically had to pay subscription fees to access content.
- In the digital age, publishers still need to monetize their audiences in order to continue to provide free content and Advertisers continue to need to reach their desired audiences. Data subjects have become increasingly reluctant to pay cash for digital content from Web sites and mobile apps.
- The types of data segments utilized by Purple Patch (e.g., pseudonymous personal data) and the profiling activities are not generally considered high risk per the guidance of the A29WP.
- Users are increasingly savvy about the types of data being collected about them via Web sites for digital advertising. Moreover, transparency tools which explain the data collection practices of companies such as Purple Patch are increasingly ubiquitous.
- Purple Patch adopts reasonable controls to ensure that the data collected is secured and won’t fall into the hands of an entity that might be in position to harm the human rights of data subjects.
- Thus, the balance of interests leans towards the benefits generated for data subjects, publishers and advertisers, and those benefits outweigh the risks to the fundamental human rights of data subjects.
- Accordingly, Purple Patch feels confident that the processing activities engaged upon via the Purple Patch marketplace fall under the legal basis of legitimate interest.
Questions or comments regarding this Policy should be submitted to the Purple Patch Privacy Office by mail or e-mail as follows:
Purple Patch Privacy Office
Bashati Dream, Flat No. 6-B, House No: 03, Road: 20, Gulshan 01, Dhaka 1209, Bangladesh
Regarding incoming requests which can’t be processed internally by Purple Patch personnel, please send them for a further review to Purple Patch’s external DPO and EU representative.
EXTERNAL DATA PROTECTION OFFICER (DPO) AND REPRESENTATIVE
represented by Mohammad Sarwar Bin Anis
House 15 Rd No 128, Dhaka 1212
PRIVACY COMPLAINTS BY EUROPEAN UNION AND SWISS CITIZENS
We have further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
The Digital Trading Standards Group (DTSG) has created a set of high-level Principles aimed at minimizing the risk of ad misplacement and Purple Patch adheres to those principles.
DIGITAL TRADING STATEMENT
Purple Patch is committed to providing outstanding customer service and brand safety for our Clients and Publishers. We are dedicated to providing complete transparency and control over how brands appear around Publisher content. To achieve this, we set out here our brand protection policy and processes for all campaigns run across our network and our use of campaign whitelists according to your instructions. Purple Patch operates with premium inventory on identified Publishers containing appropriate content and offers ad placements across a secure list of premium, vetted mobile websites and apps. We also work with premium publisher partners, with established reputations, grounded in strong brand values, credibility, and trust.
We will run campaigns across our network of brand-safe premium sites in conjunction with our internal blacklist criteria and with any blacklist or whitelist requested by the advertiser or their agency. Additionally, when requested, we will remove advertising from any url upon instructions from the advertiser or their agency.
OUR BRAND PROTECTION & BLACKLIST POLICY
Purple Patch operates a blacklist policy and will not serve any advertisements to any sites containing the following generic categories including but not limited to the headings below:
- Adult Content
- Hate speech
- Offensive language
- Illegal drugs
- Illegal downloads
In addition, if sites are identified as being inappropriate whilst not falling into the identified categories they will be added to a blacklist to be supplied to any supplier or inventory.
ADVERTISER & AGENCY BLACKLISTS / WHITELISTS
Any blacklist or whitelist supplied by an advertiser or their agency will be used in addition to Purple Patch blacklist or whitelist for use on specified campaigns or for any stated period.
In the event of a client’s advertisement appearing on a mobile website or mobile application that the client deems inappropriate or unsuitable, Purple Patch will make every effort to take down the advertisement as soon as possible or within the timescales specified in individual terms and conditions and, if requested, will add that site to our blacklist to be used for any future campaigns for that client.
AD MISPLACEMENT NOTIFICATION
Any incidents of ad misplacement identified by agencies, Clients, or Publishers can be notified to firstname.lastname@example.org. We would be grateful if you could provide as much information as possible including the date, time and app or Website on which you saw the ad along with the brand that was being advertised and the reason why you believe it was misplaced. Ideally, we can most effectively respond if you provide a screenshot or video of the offending or misplaced ad.
The contractual consequences of not taking down an ad in accordance with this policy are evaluated and agreed with the buyer on a case by case basis.