Purple Patch. (“Purple Patch” or “we”, “us”, “our”) is a technology company that creates and delivers advertisements to mobile & desktop devices. This privacy statement (“Policy”) explains what kinds of information we collect and how Purple Patch strives to collect, use and disclose information in a manner consistent with the laws of the countries in which we do business. This Policy applies to our advertising platform (“Platform”) our advertising mediation service (“Service”) as well as our website located at https://purplepatch.online/.
Purple Patch is committed to protecting the privacy of advertising users accessing the Platform, visitors to our Websites, and other Internet users (“Data Subjects” or “you”, “your”). If you have any concerns about this Policy or your privacy when your business or mobile device accesses our Service, please send an email to firstname.lastname@example.org and we will try to address your concern.
Purple Patch collects personal data in the course of our business. The definitions of personal data vary depending on the laws where you are located. For example, in the European Economic Area (EEA), personal data is defined broadly, and would include PII and Pseudonymous Identifiers (defined below). California’s privacy law defines personal information broadly, and would include PII and Pseudonymous Identifiers. Purple Patch will explain the different types of personal data below, and will try to be clear when we’re describing our use of each throughout this Policy.
Purple Patch collects personally identifiable information (“PII”) when you choose to provide it to us. PII is any information that specifically identifies or locates a particular person or entity. We receive and store any PII you provide to us. The types of PII collected includes your name, postal address, telephone number, email address, job title, country, company, type of company, IAB segment and other PII that you choose to provide on a particular data collection form. For example, you may choose to send PII about yourself in an email, by completing an online form on the Websites, by inquiring about employment or applying for a job at Purple Patch or by signing up for our service or e-newsletter. You may also provide us with PII in order to set up an account with us. Purple Patch uses this information for our reasonable business purposes, including to contact you to respond to your inquiry, to provide the service requested or to maintain your account with us. We may share your PII with partners such as advertising supply-side platforms as necessary to facilitate the Service. Once obtained, Purple Patch will store your PII for as long as needed to provide services and for a reasonable time thereafter for record keeping purposes.
In order to find the most interesting and valued advertising messages, Purple Patch collects pseudonymous identifiers. Pseudonymous means that we do not know your identity as a natural person, but it helps us collect and make use of other personal data to better understand your interests and preferences. We describe this further in the “Other Personal Data” section below.
The pseudonymous identifiers include Google Advertising ID, Apple Identifier for Advertisers, and IP address.
Purple Patch also collects other personal data from our Websites such as Web pages viewed, browser type, Internet browsing and usage habits, Internet Service Provider, domain name, the time/date of your visit to the Websites, the referring URL and your computer’s operating system.
In our Service and Platform we collect information from and about websites and mobile apps that display ads, the specific ads viewed, interactions and transactions within ads or apps, the time/date of these events, mobile device type and characteristics, and mobile service provider.
We use a in-house analytics data store to help us collect and manage this data. We use this information to help manage and improve your experience on our Websites or with our advertising Service.
In some cases, we may store and process approximate location data as derived from the IP address that in order to help deliver ads based upon the location of your desktop and mobile device.
Purple Patch does not collect sensitive personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, nor does it process genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
On our Websites, we may utilize “cookies” to automatically collect information about visitors to the Websites. Cookies are alphanumeric identifiers that reside within your browser and that allow us to recognize your browser and tell us how and when pages on our Websites are visited and by how many people. Our cookies do not collect PII. You may be able to change the preferences on your browser to prevent or limit your computer’s or mobile device’s acceptance of cookies, but this may prevent you from taking advantage of some features of the Websites. We may also collect information on our Websites using Web “beacons.” Web beacons are electronic images used on the Websites or in our emails. We use web beacons to deliver cookies, count visits, understand usage and activity on the Website and to tell if an email has been opened and acted upon. For more information about cookies and web beacons, please visit http://www.allaboutcookies.org/cookies/.
For more information about the cookies we use, please see our cookie declaration page.
We also partner with Google Analytics to learn more about how you use our website – under CCPA, this may be considered a sale. For more information about how Google Analytics works you can visit this link. To opt-out of Google Analytics, you can visit here and follow the instructions.
You can always opt not to disclose certain data to us, but keep in mind all of the data we collect is needed to take advantage of some features of the Websites or to help us find the most interesting and relevant advertising messages to share with you while you are using apps developed by our Publishers. You may request deletion of your data using one of the online forms below. If you have questions or other requests regarding your data, you may send those via e-mail to email@example.com.
Purple Patch provides an advertising network and technology platform (“Platform”) and advertising mediation service (“Service”) to connect mobile application and site publishers (“Publishers”) with advertisers (“Clients”). Our Platform facilitates the efficient serving of targeted advertisements with Publishers by collecting information across multiple non-affiliated Publishers. The Service helps publishers fill their inventory of available advertising slots via our third-party partners. Our Platform obtain this pseudonymous personal information to deliver, tailor, and report on the ads being run across our Platform and Service by our Clients. The Service mostly acts as an agent of our Publishers and transfers pseudonymous personal information from our Publishers to third-party partners so they may help those Publishers deliver, tailor and report on the ads being run.
In the course of running our Platform and Services, we collect information from Publishers and use such data for a number of purposes.
Purple Patch complies with the Digital Advertising Alliance (DAA) Self-Regulatory Code.
Purple Patch offers multiple-choice mechanisms that enable Users to opt-out of Purple Patch’s use of information for interest-based advertising. We do not currently respond to browser-based Do Not Track signals because our Platform and Service operate primarily in the mobile application advertising space, and Do Not Track is browser based. Please note that you will continue to receive advertising after you opt-out, but it may not be tailored to your interests. Please also note that our opt-out mechanism is browser or device specific. Therefore, if you use multiple browsers / devices you will need to perform the opt-out operation for each browser or device. Certain devices and device configurations may prevent our opt-out from operating correctly. Persons located in the European Economic Area have the right to object to our processing of their personal data and/or revoke their consent as described below.
We honor Apple “Limit Ad Tracking” and Google Opt out of “Ads Personalization” device settings. When we see those setting enacted on a mobile device, we treat that setting as a request to opt-out from interest based advertising and a request to opt-out from Purple Patch’s sale of data to third parties. Purple Patch works very hard to respect privacy and personal data and sees these global tools as having a damaging effect on your experience with advertising. There will always be advertising, so we believe that the best world is one where that ads are relevant to your interests and where you have granular control over which ad networks you trust with your personal data, not a tracking block for all ad networks.
Purple Patch provides this granular control through special integration with the AdChoices icon in our ads. In order to properly opt-out of Purple Patch ads, first, on Apple (iOS) please TURN OFF “ Limit ad tracking ” or on Google (Android) TURN ON “ Ads Personalization ”. Then, when you see the AdChoices icon on one of our ads, tap on the AdChoices icon, and you will be directed to this page. For your convenience, the form (below) to opt out of interest-based advertising will be prefilled with your advertising ID and IP address. Finally, click submit to revoke the consent we have claimed to store and process your data by legitimate interest. (See “Special Data Protections by EEA Data Subjects”)
Regardless of how you choose to share your preferences for interest-based ads tracking, for devices where we are able to see that an opt-out selection has been made, we will stop tracking your activities for the purposes of serving interest-based advertising.
Many of our partners that enable targeted advertising are members of one or more digital advertising industry self-regulatory programs. You may click below for the Network Advertising Initiative (“NAI”), Digital Advertising Alliance (“DAA”) and European Digital Advertising Alliance (“eDAA”) opt-out tools to learn more about targeted or interest-based advertising and to opt out of certain targeting programs.
Purple Patch may share personal data with trusted partners. These third party contractors are prohibited from using the information for purposes other than performing services for Purple Patch. The categories of third-party service providers used by Purple Patch include: a) cloud computer, data storage and file storage providers, b) email marketing providers, c) website and b2b sales analytics providers, d) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, e) customer billing systems partners, f) login authentication providers to ensure that the logins to our systems are working efficiently, g) social media platforms for advertising and marketing purposes, h) outsourced computer programmers helping ensure our systems are operating properly, i) auditing, debugging and security vendors.
Processing Purposes – We provide our Clients with information about how many Users view or click the advertising served using our Platform. Similarly, we may share personal data with the Publishers on which we serve ads in order to optimize and report on the delivery of those ads. We may share information with ad networks, advertising exchanges, ad agencies in connection with the Platform in Service for the business purpose of facilitating and targeting advertising campaigns. This information cannot be used to contact or identify any person individually, but may be considered personal data in some jurisdictions.
Finally, Purple Patch may transfer information, including any personally identifiable information, to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If Purple Patch is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via a notice on our Websites of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data. In the context of an onward transfer, Purple Patch is responsible for the processing of personal data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Privacy Shield organization shall remain liable under the Principles if its agent processes such information in a manner inconsistent with the Privacy Shield Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Consent to Worldwide Transfer and Processing of Personal Information
Data security – The security of your information is important to us. We have implemented reasonable security measures to protect the information in our care, both during transmission and once we receive it. However, due to the inherent nature of the Internet as an open, global communications means, we cannot guarantee that your information, during transmission through the Internet or while stored on our Platform or otherwise in our care, will be absolutely secure from intrusion by others, such as hackers. If you contact us by e-mail, a “contact us” or a similar feature on our Websites, you should be aware that your transmission might not be secure and that a third party could view information you send by these methods in transit.
Children – Purple Patch adheres to the Children’s Online Privacy Protection Act (COPPA) and the children’s privacy provisions of the General Data Privacy Regulation in the EU. We do not knowingly create nor use any interest-based advertising segments of children under 13 as part of our Services. Our Websites are not directed at children under the age of 13. If we are made aware that we have received PII from someone under 13, we will use reasonable efforts to remove that information from our records. Where applicable law raises the age range from 13 to 16, Purple Patch complies with those laws.
Data Integrity, Purpose Limitation – We process information in a way that is compatible with and relevant for the purpose for which it was collected as described above. To the extent necessary for those purposes, we take reasonable steps to ensure that any information in our care is accurate, complete, current and reliable for its intended use.
Data Retention – We store PII such as email address, telephone number or billing details for as long as you continue to have a business relationship with Purple Patch and for a reasonable time thereafter for record keeping purposes or as required by law. You may ask us to delete that information by following the instructions in “Access or Deletion” section. Where we store PII you provide on our Websites as a Publisher or Client as described in “Personally Identifiable Information (PII)” section above, we use and retain such PII only as you direct.
We store Pseudonymous Identifiers such as device identifiers, IP addresses, as well as other personal data and cookie IDs so long as our systems continue to encounter a particular User. We retain raw information associated with Pseudonymous Identifiers that we have collected for up to 13 months, after which time the raw information is deleted and any remaining information is anonymized or aggregated with no residual personal data.
Your Data Access Rights
Special Data Protections for California Data Subjects
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) provides additional privacy protections for California data subjects and users, including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to opt-out of the sale of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales of your information). We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law.
You may access those rights with respect to Purple Patch by completing the data subject access request form (below). As a California data subject, if you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you. We will attempt to confirm your request within 10 days and make a good faith attempt to fulfill your request within 45 days.
The CCPA defines personal information broadly and as such, it includes pseudonymous identifiers such as cookie IDs and mobile advertising IDs. The CCPA also defines the sale of personal information broadly and as such Purple Patch is considered to have sold the categories of information we collect via the Platform over the past 12 months.
We may take reasonable steps to verify your request. We will fulfill requests we are able to verify so long as we are not prohibited from doing so by applicable law and/or the information is not essential for us for billing, fraud prevention or security purposes. We will share our reason(s) for denying your request in the event that we are unable to fulfill your request.
You may make an access or deletion request via an authorized agent by having such agent follow the process below. Please note that we may request that any authorized agent demonstrate that they have been authorized by you to make a request on your behalf. We require any authorized agents to provide us with contact details such as an email address and phone number so that we may ensure a timely response.
Special Data Protections for EEA Data Subjects
As of 25 May 2018, the General Data Privacy Regulation (“GDPR”) affords additional rights to EEA data subjects. As an EEA data subject, you have the right – partly under certain conditions:
As an EEA data subject, you may invoke the above rights regarding the personal data processed by Purple Patch by completing our EEA data subject access request form (below). Moreover, with respect to EEA data subjects, personal data includes Pseudonymous Identifiers such as an IP address, a mobile advertising ID or a cookie ID.
Legal Bases for Processing – Where Purple Patch is a controller of data (e.g., via most of our advertising Services), the legal basis will be both legitimate interest (Art. 6 (1) f) GDPR) and consent (Art. 6 (1) a) GDPR) depending on the type of information subject to processing and the information we receive from upstream partners. We may also process data for the performance of a contract with you (Art. 6 (1) b) GDPR).
Where we rely upon legitimate interest, we have assessed the processing is not high risk, does not involve the processing of sensitive data and will not violate fundamental human rights. (See a more detailed explanation in the “Legitimate Interest” section below.) In the event that Purple Patch is a processor of data, the legal basis for processing such data is determined by Publishers and/or our Clients.
Where Purple Patch receives from an EEA data subject a request to cease processing of data via one of the choice mechanisms listed above, Purple Patch will stop all data processing with respect to the opted out device except in the routing or grouping of the data in order to complete an advertising request or unless such processing is required by law. (See “Contact Information” section for Purple Patch’s data protection officer and EU Representative.)
Cross-Border Data Transfer into the United States
Purple Patch has assessed that it has legitimate interest in the collection of this information pursuant to 6(1)(f) of General Data Protection Regulation (GDPR). In our assessment, we believe that all data processing currently engaged upon via the Purple Patch Marketplace falls under the “legitimate interest” legal basis. A summary of our rationale is as follows:
Questions or comments regarding this Policy should be submitted to the Purple Patch Privacy Office by mail or e-mail as follows:
Purple Patch Privacy Office
Bashati Dream, Flat No. 6-B, House No: 03, Road: 20, Gulshan 01, Dhaka 1209, Bangladesh
Regarding incoming requests which can’t be processed internally by Purple Patch personnel, please send them for a further review to Purple Patch’s external DPO and EU representative.
EXTERNAL DATA PROTECTION OFFICER (DPO) AND REPRESENTATIVE
represented by Mohammad Sarwar Bin Anis
House 15 Rd No 128, Dhaka 1212
PRIVACY COMPLAINTS BY EUROPEAN UNION AND SWISS CITIZENS
We have further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
The Digital Trading Standards Group (DTSG) has created a set of high-level Principles aimed at minimizing the risk of ad misplacement and Purple Patch adheres to those principles.
DIGITAL TRADING STATEMENT
Purple Patch is committed to providing outstanding customer service and brand safety for our Clients and Publishers. We are dedicated to providing complete transparency and control over how brands appear around Publisher content. To achieve this, we set out here our brand protection policy and processes for all campaigns run across our network and our use of campaign whitelists according to your instructions. Purple Patch operates with premium inventory on identified Publishers containing appropriate content and offers ad placements across a secure list of premium, vetted mobile websites and apps. We also work with premium publisher partners, with established reputations, grounded in strong brand values, credibility, and trust.
We will run campaigns across our network of brand-safe premium sites in conjunction with our internal blacklist criteria and with any blacklist or whitelist requested by the advertiser or their agency. Additionally, when requested, we will remove advertising from any url upon instructions from the advertiser or their agency.
OUR BRAND PROTECTION & BLACKLIST POLICY
Purple Patch operates a blacklist policy and will not serve any advertisements to any sites containing the following generic categories including but not limited to the headings below:
In addition, if sites are identified as being inappropriate whilst not falling into the identified categories they will be added to a blacklist to be supplied to any supplier or inventory.
ADVERTISER & AGENCY BLACKLISTS / WHITELISTS
Any blacklist or whitelist supplied by an advertiser or their agency will be used in addition to Purple Patch blacklist or whitelist for use on specified campaigns or for any stated period.
In the event of a client’s advertisement appearing on a mobile website or mobile application that the client deems inappropriate or unsuitable, Purple Patch will make every effort to take down the advertisement as soon as possible or within the timescales specified in individual terms and conditions and, if requested, will add that site to our blacklist to be used for any future campaigns for that client.
AD MISPLACEMENT NOTIFICATION
Any incidents of ad misplacement identified by agencies, Clients, or Publishers can be notified to firstname.lastname@example.org. We would be grateful if you could provide as much information as possible including the date, time and app or Website on which you saw the ad along with the brand that was being advertised and the reason why you believe it was misplaced. Ideally, we can most effectively respond if you provide a screenshot or video of the offending or misplaced ad.
The contractual consequences of not taking down an ad in accordance with this policy are evaluated and agreed with the buyer on a case by case basis.