This policy applies to the following websites that are operated or controlled by IAB Europe:
IAB Europe processes personal data in accordance with applicable data protection legislation, in particular the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
IAB Europe collects or obtains personal data from its Members and Users from the following sources:
IAB Europe processes, for the purposes listed in Section 4, the following types of personal data:
When the User or the Member accesses the Websites, the relevant servers automatically record the following data which are not made visible on the Websites: the type of domain from which the User or the Member connects to the Internet, the IP address allocated to them (at the moment of the connection), the date and time of access to the Site, the pages viewed and the activities undertaken, the type of browser used, the platform and/or the operating system used, the search engine and the keywords used to find the Websites.
The purposes for which IAB Europe may process the personal data of its Users and Members, subject to applicable law, include:
IAB Europe does not seek to collect or otherwise process Sensitive Personal Data in the ordinary course of its business. Where it becomes necessary to process Sensitive Personal Data of our Users or Members for any reason, IAB Europe will only do so in compliance with the law.
We may provide your personal data to companies that provide services to help us with our business activities (‘data processors’). These companies are authorized to use your personal data only as necessary to provide these services to us.
IAB Europe transmits the personal data of its Users or Members to third-party services to the extent to which these data are required for the performance of the relevant Services. Any such partner will not communicate these personal data to third parties, except in the following situations: (i) if and to the extent that this communication is necessary for the contract’s performance, and (ii) if the partner is obliged to communicate certain information or documents to a public authority, as required by law, such as to comply with a subpoena, or similar legal process and (iii) if IAB Europe is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/ or prominent notice on our Websites of any change in ownership or uses of your personal data, as well as choices you may have regarding your personal data. The communication of information to the persons set out in point (ii) shall, in any case, be limited to that which is strictly necessary or required by applicable law.
If IAB Europe engages a third-party processor to process personal data of its Users or Members, the processor will be subject to binding contractual obligations to: (i) only process the personal data in accordance with IAB Europe’s prior written instructions; and (ii) use measures to protect the confidentiality and security of the personal data; together with any additional requirements under applicable law.
Some of our data processors are located outside the EU (‘third countries”). Certain third countries have been officially recognized by the European Commission as providing an adequate level of protection. You can find the list of these countries here. Transfers to our data processors located in other third countries take place using an acceptable data transfer mechanism, such as the Privacy Shield for transfers to self-certified US organizations, the EU Standard Contractual Clauses, Binding Corporate Rules, approved Codes of Conduct and Certifications or, in exceptional circumstances, on the basis of permissible statutory derogations.
IAB Europe uses physical, technical and administrative measures to protect the Users’ information against loss, theft and unauthorized use, disclosure or modification. While IAB Europe strives to protect the information it maintains, it cannot guarantee or warrant the security of any information that the Users transmit to us since no method of data transmission or storage is 100% secure.
IAB Europe will only retain the Users’ and Members’ personal data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
The determination of the appropriate retention period for the Users’ personal data is based on the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your it and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances IAB Europe may anonymise the User’s personal data so that it can no longer be associated with the User, in which case it is no longer considered personal data.
Upon expiration of the applicable retention period IAB Europe will securely destroy the personal data in accordance with applicable laws and regulations.
Any Member may, at any time, have access to their personal data and correct them through the thumbnail “Edit Profile”, within the “Members – Account” menu on the Websites (or at the following address: https://www.iabeurope.eu/profile/edit by using their username and password).
The User or the Member may also request access, ask for rectification and for deletion of their personal data, except those which IAB Europe are legally obliged to retain, from IAB Europe’s database by addressing a written request, accompanied with, to the data controller at the following address: IAB Europe, 1040 Brussels (Belgium), Rond-Point Schuman, 11. Any User or Member may request to have their personal data transferred to another controller, in a structured, commonly used and machine-readable format.
Any User or Member may request restriction of processing of their personal data.
Where IAB Europe processes a User or Member’s personal data on the basis of consent, the User or Member has the right to withdraw that consent (although this withdrawal does not affect the lawfulness of any processing performed prior to the date on which IAB Europe receives notice of such withdrawal, and does not prevent any processing of personal data on any other available legal bases).
IAB Europe will then take all necessary steps to satisfy such request with expediency.
Any User or Member has the right to lodge complaints regarding the processing of their personal data with a data protection authority (which can be any of the data protection authority of the EU Member State in which they live, or in which they work, or in which the alleged infringement occurred).
Subject to applicable law, each User or Member may also have the following additional rights regarding the processing of their personal data:
Persons under 16 years old and persons who do not have full legal capacity are not allowed to use the Websites, and must not provide their personal data to us. IAB Europe does not knowingly collect or store personal data about children under the age of 16, unless permitted by law. If IAB Europe learns that it has collected personal data from a child under age 16, it will delete that information from its database.
We display personal testimonials of satisfied members on our Websites in addition to other endorsements. With your consent we may post your testimonial along with your name, but we will always check that you are happy for us to do so first. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
Rond-Point Robert Schuman 11
+32 2 256 75 10
Last Updated: 25 April 2019