Optable Technologies Inc. (“Optable”, “we”, “us” or “our”) develops advertising technology solutions for the privacy-by-design era of the commercial Internet, with transparency and privacy at the heart of our service offering.
Our Clients (as defined in the section How is your personal information collected?) are interested in exchanging information that they hold, in order to discover whether they have any information in common. These exchanges allow our Clients to gather and analyze information, such as how their websites are used and the efficiency of targeted and non-targeted advertising, for the purposes of measurement, optimization and decision-making about the markets in which they participate.
Our services aim to allow Clients to determine whether they have the relevant information in common, but without disclosing any identifying information to each other.
This benefits our Clients, by reducing the risks generally associated with handling personal information. It also benefits the individuals whose personal information is being processed, by limiting the amount of information that needs to be shared in order to create the audiences described.
To accomplish this goal, we adhere to privacy-by-design and privacy-by-default principles throughout the process of designing, building, and delivering our services.
Some laws distinguish between a “controller” on the one hand, and a “processor” or “service provider” on the other (or similar terms). With respect to personal information provided to us by our Clients for processing, we are service providers or processors for the purposes of such laws. In consequence, where you have given consent for those Clients to collect, use and disclose your personal information, we process such information on behalf of our Clients in our role as service provider. We explain this further, in the section entitled How we Collect Personal Information.
What do we mean by "personal information"?
“Personal information” is any information that identifies, or could be reasonably associated with, an individual and their household (collectively, “individual” or “you”). This may include, for example, your name, contact information, Email address, and information relating to your account with us (as the case may be). It can also mean information that can be used to identify you indirectly, either alone or in combination with other information. It can include technical information, but only when this information can identify you as an individual.
Whether information is considered personal information may depend on, among other factors, the definition that applies in the jurisdiction in which you reside or in which the information is deemed to have been received by us. For example, in some jurisdictions, a user’s IP address may be deemed to be personal information, while in others it is not. In consequence, some of the information we list below may or may not be personal information depending on your individual circumstances.
Information that is aggregated and/or anonymized, such that it cannot be associated with an identifiable individual or used to re-identify an individual, is not considered to be personal information.
What personal information do we collect?
The information we obtain for processing may include information that our Clients choose to store with us for processing and exchange, such as:
- Mobile advertising device IDs such as Apple’s Identifier For Advertisers and Google Advertising ID (collectively, “Advertising IDs”). Advertising IDs are user-resettable, unique, anonymized identifiers for advertising generated by a variety of devices. Advertising IDs identify a specific device and are implemented both on Apple iOS and Google Android (“Advertising ID”).
- Cookies. An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply a cookie) is a small piece of data sent from a website and is stored in the user’s web browser while the user is browsing.
- Demographic information such as age / age range, gender, city or region, estimated income, and language.
- Mobile contract data such as prepaid or long term.
- Mobile app usage data about applications installed or accessed on a user’s device and application events (such as in-app purchases).
- Browsing activity such as pages and offers viewed, clickstream data, and IP addresses.
- Geolocation information derived from sources such as GPS coordinates, Wi-Fi or cellular telephone tower connection locations.
- Ad network requests which may contain personal information about you depending on the nature of the request, such as demographic information, geolocation data, or the URL of the page you are browsing.
- Any other information you provide to our Clients (as defined in the section How is your personal information collected?), that our clients choose to have us store and process.
Where possible, the personal information we process will be hashed and/or encrypted. Hashing refers to a cryptographic technique that irreversibly transforms input data into unique alphanumeric sequences.
Our products use certain methods, such as private set intersection and other cryptographic techniques, that combine hashing and encryption in a way that allows our clients to determine what information they possess in common, without disclosing anything other than such commonality.
The information exchanged in this hashed and encrypted form may include hashed email addresses, hashed telephone numbers, and other hashed contact coordinates or user identifiers.
How is your personal information collected?
We receive personal information from third parties that use our Products and Services to whom you have given your separate consent for collection, use and disclosure, whether directly or indirectly (collectively, our “Clients”). The initial collection is made by our Clients, who then transfer this information to us.
Our Clients fall into three non-exclusive categories:
- Publishers, such as owners of websites, mobile applications and other media properties that publish content or provide services online.
- Advertisers, such as brand owners and advertising agencies.
- Ad Exchanges, such as technology platforms that facilitate the buying and selling of media advertising inventory from multiple advertising networks.
Our Clients use certain software-based tools that we provide to collect information from a variety of sources (e.g., through product web pages and mobile apps) in a format that can be used for our Products and Services. These tools collect individual device Advertising IDs, cookie identifiers, email addresses, referring URLs, user agent strings, and IP addresses and other information arising from your interactions with our Clients’ websites and mobile apps. Our Clients deploy these tools directly into their own systems, and send the collected information to our systems for storage and processing.
How do we use personal information?
We provide two core Products and Services to our Clients: infrastructure (information storage and computing resources) and software (for information exchange and analysis). In the context of these Products and Services, we process this information in the following ways:
- As an infrastructure provider, we receive and store the information collected by our Clients in our data hosting facilities. Each Client has its own secure information storage and processing “container” within our facilities. As providers of storage resources, we process this information in the course of providing these Products and Services. Our own access to the information contained in these secure Client containers is limited to what we need to have access to in order to provide these infrastructure Products and Services.
- As a provider of software Products and Services, we assist our Clients in establishing relationships between different information attributes pertaining to the same user of (for example) a device or an Email address. We provide computing resources that allow them to conduct such analyses.
- As part of our Products and Services, our Clients use technologies we provide to communicate with each other the information needed to establish the above mentioned relationships. The technology we provide permits our Clients to exchange information directly between themselves — that is, the information exchange is not mediated by a centralized data repository that we control. Moreover, our Products and Services are designed to limit the amount of information that needs to be exchanged by employing various cryptographic techniques and protocols.
How do we share personal information?
a. Service Providers
In the course of providing our Products and Services, we may share all categories of personal information detailed in section What Personal Information do we Collect? with third party service providers who perform services on our behalf. These service providers help us operate our business, technology systems and applications, internal procedures, and infrastructure. We require these service providers to limit their access to and/or use of personal information to what is required to provide their services and require that those third parties adhere to confidentiality as well as security procedures and protections.
b. Sale or transfer of business or other transaction
We may disclose personal information to a third party in connection with a sale or transfer of business or assets, an amalgamation, reorganization or financing of parts of our business (including the proceedings of insolvency or bankruptcy). In the event the transaction is completed, your personal information will remain protected by applicable privacy laws. In the event the transaction is not completed, we will require the other party not to use or disclose your personal information in any manner whatsoever and to completely delete such information, in compliance with applicable laws.
c. Other Permitted Reasons
Applicable laws may permit or require the use, sharing, or disclosure of personal information without consent in specific circumstances (e.g., when investigating and preventing suspected or actual illegal activities, including fraud, or to assist government and law enforcement agencies). If this happens, we will not share more personal information than is reasonably required to fulfill that particular purpose.
d. With Your Consent
Other than the purposes listed above, we may, with your implied or express consent, share or disclose your personal information outside of Optable, in accordance with applicable laws.
How we manage consent
You have provided us with your consent to the collection, use and disclosure of your personal information by means of the consent you have provided to our Clients. In other words, we do not manage your consent or withdrawal of consent directly.
Your consent may be withdrawn by contacting our Clients directly, depending on the nature of your relationship with them, or by exercising a variety of technical options available to you. For information on some of the most accessible of these technical options, please see What are my choices?
What are my choices?
We want you to clearly understand your choices and make informed decisions about your privacy options. There are several options that may be available to you for managing your privacy preferences:
Contact our Clients directly
To find out what personal information of yours that our Clients collect, use and disclose, you may contact our Clients directly.
Changing browser settings
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain online activities, over time and across different websites. Note that many operators do not honor such “Do Not Track” signals and in particular, our Products and Services do not.
Resetting your Advertising ID
You may reset the Advertising ID by selecting the option “Reset Advertising Identifier” on Apple iOS or “Reset Advertising ID” on Google Android. This will delete your current Advertising ID from your device and replace it with a new Advertising ID. As a result, Clients who use this information and receive ad network requests will not receive any new ad network requests containing the old Advertising ID.
To opt-out from interest-based advertising, you may select “Limit Ad Tracking” on iOS or “Opt-out of interest-based ads” on Google Android. By enabling these functions, although Clients who use these technologies may still retain your personal information that has already been collected, new activity on your mobile device will be effectively invisible to such Clients.
Some of our Clients may participate in the opt-out programs established by the Digital Advertising Alliance (https://optout.aboutads.info/), the Digital Advertising Alliance of Canada (https://youradchoices.ca/), and the European Interactive Digital Advertising Alliance (https://www.youronlinechoices.com/). For participating companies you can control your interest-based advertising experience by using the tools they provide at the URLs above. Note that opting out through these tools does not stop ads from showing altogether (other types of advertisements – including “contextual” or “content-based” advertising – will continue to be delivered to the browser or in an app), but using them will help to limit or stop participating companies from collecting and using data.
How we store and safeguard personal information
We take the security of your personal information seriously and are committed to protecting your privacy by using a combination of administrative, physical, and technical safeguards. Your personal information may be stored in foreign jurisdictions, in which case it will be subject to foreign laws and may be accessible by foreign authorities.
a. How we protect personal information
We employ organizational, physical and technological measures to protect the confidentiality of personal information and to safeguard personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, in light of, among other things, the sensitivity of the information and the purposes for which it is to be used. These safeguards also apply when we dispose of or destroy your personal information.
b. Where we keep personal information and cross-border transfers
We, and our service providers, may access, process or store your personal information outside of the country where we are located and where you reside. We use reasonable safeguards to ensure that our service providers protect your personal information wherever it is used or stored.As a result, when your personal information is used or stored in a jurisdiction other than where you are residing, it may be subject to the law of this foreign jurisdiction, including any law permitting or requiring disclosure of the information to the government, government agencies, courts and law enforcement in that jurisdiction.
c. How long we retain personal information
We do not have control over the information handling and retention practices of our Clients. Where our Clients ask us to delete, destroy or anonymize any information that they have stored with us, we will honor any commitments we have with them to do so.
If you have any questions about how we handle your personal information, you may contact us as indicated below. However, because we are processing your personal information on behalf of our Clients, as explained above, we will generally redirect your request to the applicable Client.