Mobile Journey – Privacy and Data Protection Statement

Last Updated: April, 14, 2023
Take me back

Aiming to comply with the transparency and information requirement set in articles 13 and 14 of the GDPR set out in the EU regulation 2016/679 (GDPR), Mobile Journey has set up privacy & data protection statements. These are to inform you of how we collect and use certain information concerning Internet and users, in the course of our mobile advertising services.

Table of contents
1. Who is Mobile Journey
2. What is our business
3. What categories of data we process or collect
4. How we process data
5. What categories of data we do not process or collect
6. What do we use this data for
7. Processing data in aggregate
8. Retaining data
9. Sharing
10. Legal basis for our data processing
11. Exercise your rights
12. Changes in this policy

Who is Mobile Journey
Mobile Journey Ltd. is a United Kingdom limited liability company operating, with headquarters in United Kingdom, 56 Leman Street, E1 8EU, London, and is registered at Companies house 10643086.
Mobile Journey B.V. is a Dutch limited liability company operating, with an office in The Netherlands, 61 Weesperstraat, 1018 VN in Amsterdam, and is registered at Kamer Van Koophandel 70015325.

What is our business
Mobile Journey utilizes platforms that power advertisements that can appear on web sites and applications on your mobile devices. Through our doing, you may interact directly with our platforms’ servers (for example when you click on an ad) or indirectly through the mobile website or application that is displaying the ads. We are working with a selection of platforms: DSP’s, data vendors, location services, which we can share with you upon request.

What categories of data we process
When you visit a website or use an application that uses one of our platforms’ technologies, certain information about you and your device will be collected for the purpose of serving advertisements to you.

Some of this information (including for example your IP addresses and certain unique device identifiers), may identify a particular computer or device, and may be considered personal data in some jurisdictions, such as the European Union.

The following information that may be regarded as personal data will be processed:
– IP address,
– Device identifiers such as cookie identifiers and unique device identifiers,
– Data concerning the displaying of the advertising, such as date/time of viewing, and the website or application where the advertisement was displayed,
– Certain data concerning your activities and actions on the advertiser sites, in case you click on the advertising
– Geolocation (including city, region, country, zip code, and potentially geographic coordinates if you have enabled location services on your device).

How data is collected and/or processed
Practically all of the data is not directly collected by Mobile Journey, but collected and transferred to our platforms’ through their third party suppliers within the online advertising supply chain, such as real time bidding markets. Where applicable and required, such parties have obtained consent or written agreement from the relevant data subjects, in order to transfer their data to our platforms’. Mobile Journey, in turn is processing this data through the platforms to deliver mobile advertising campaigns to clients.

Our platforms work with the following real time bidding markets:
– AdColony
– AdYouLike
– AppNexus
– Avocarrot (Glispa Connect)
– Axonix
– Bee7
– Cheetah
– Daily Motion
– DoubleClick
– Flurry
– Fyber
– Gameloft
– Glispa
– GoogleAdx
– ImproveDigital
– Inneractive
– Ligatus
– LiveRail
– MADS
– Mars Media Group
– Max
– MobFox
– Mobilda
– MoPub
– One by AOL
– OpenX
– Pubmatic
– Rubicon
– Smaato
– SmartAdServer
– StickyAds
– SpotX
– TapIt
– TappX
– TapSense
– Teads
– Vungle

Additionally, our selected platforms use cookies and other standard web technologies to collect information, including:

– “Tags and Pixels” are blocks of code that our platforms and our customers may use to track your navigation of websites or apps using our technology, and your browsing behaviour. Our platforms use pixels to synchronize information that they have collected with information independently collected by our suppliers, clients, and other third parties that are interested in providing you with ads.

– “Cookies” are data files that often include a unique identifier, and are placed on a visitor’s device or computer. Out platforms use cookies on our customers’ websites in order to operate our technology and collect User Information. For more information about cookies, and how to disable cookies, visit https://www.allaboutcookies.org

– “SDKs” or “Software Development Kits” are blocks of code similar to tags and pixels that are embedded into an app that allow us to track certain information relating to your use of apps using our technology.

– Our platforms also use standard device identifiers, for example the “IDFA” advertising identifier used on Apple’s iOS devices, to track your use of mobile apps.

– Additionally, we use other technologies, including locally stored objects, to collect User Information in order to assist with the delivery of ads and to provide reporting to our customers.

Third Party Service Providers we work with:
AdSquare (adsquare.com), a mobile data exchange who can work as a Data Provider for our customers.

Tamoco (tamo.co), a mobile data exchange who can work as a Data provider for our customers.

However, when we use third party service providers, we disclose only the Personal Information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for any other purposes. Please be reassured that we will not release your information to third parties beyond the Ads serving process we’ve described, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

What categories of data will not be collected or processed
We do not collect nor process the following categories of data:
– Data that might be regarded as sensitive under Article 9 GDPR, that is information concerning your race, sexual orientation, political affiliation or religious beliefs, among others.
– Data that might be used for the purpose of online behavioural advertising, that is data concerning your Internet navigation over time, and that might be used in order to infer your personal interests.

What this data is used for
We use the categories of data mentioned above primarily in order to deliver to you targeted advertising we believe will be of particular interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at
https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work
In particular, we can divide all the potential processing of the data in three different categories:
(1) Buying advertising slots and managing campaigns. By using device identifiers and contextual data such as geolocation, visited website, and date and hour of visit, we can deliver advertisement specifically to your phone. Managing advertising campaigns also means that we use your data for ancillary activities, such as enabling standard advertising controls, and to protect and investigate fraudulent or illegal activity.
(2) Monitoring campaign performance. By using our platforms’device and cookie identifiers, we can track whether users that click on or simply see the advertisement we manage actually visit the website of our clients, and whether they actually buy or subscribe to any product or service.
(3) Retargeting and segmenting. At the request of our clients, we might create lists of devices that we want to target in our campaigns, because they have previously carried certain activities, such as visiting our client’s website. In doing so, we segment Internet users into different audiences that can be targeted separately. In such operations, Smadex doesn’t act as data controller, but as data processor.
We do not carry out automated decision-making processes, as described in Article 22 GDPR.

Processing data in aggregate
In addition to all the uses detailed above, we process user data derived from our platforms as an aggregate, anonymous and non-individual level, in order to (1) operate and improve our technology, (2) conduct research and development, (3) report on campaign performance with our clients, and (4) carry out campaign forecasting.
Data processed in aggregate is not regarded as personal data, as it does not relate to any particular identified or identifiable person.

Retaining data
We may store the information we collect through our platforms, such as IP address and other information described above, for up to 90 days before we aggregate that data into summary reports.
Through our platforms, we store the aggregated summary data (which for example, does not include IP address or other information that may be tied to a particular browser or device) for longer than 90 days.

Sharing data
We share the data with other companies operating in the online advertising industry, in order to carry out the campaign management, performance monitoring, and retargeting and segmenting functioned outlined above.
In particular, we may enter data processing agreements with the following categories of data recipients:
– With real time bidding platforms, for the purpose of managing advertisement campaigns.
– With our clients (i.e. advertising agencies and advertising networks), for the purposes of retargeting and segmenting.
– With trackers, data management platforms and technology suppliers, for the purpose of performance monitoring, and in order to carry out retargeting and segmenting.
– Where our operations entail a transfer of data outside the European Economic Area, Smadex has entered into ‘model clause’ agreements with the relevant data recipient.

Legal basis of data processing
The data processing operations described above are carried out on the grounds of two autonomous and independent legal basis. In addition to that, MobileJourney makes an effort to obtain consent from the relevant data subjects for all data being processed. Given that Mobile journey nor its platforms do not interact directly with Internet end users, consent must be obtained and transferred by other companies within the advertising supply chain that have a direct relationship with the end user. In order to obtain, transfer and revoke such consent, we use the following technological solutions: The IAB standard for GDPR consent management.

Exercise your rights
If you are a resident of the European Economic Area, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, deleted. You also have the right to withdraw any consent.

If you would like to exercise this right, please request our Data Subject Rights Policy for instructions on how to do so.

Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, we require you to provide us with some additional information to ensure that we provide you with accurate information.
In addition, you may also opt-out of receiving marketing communications from Mobile Journey. If you would like to exercise this right, please write to us at the contact details provided below.

Contact Mobile Journey
Please do not hesitate to contact us in case you want to exercise any of your data protection rights, or if you have any question concerning our privacy and data protection policy.
We can be contacted at the following online:
dataprotection@mobilejourney.com

You also have the right to lodge a complaint with our Data Protection Supervisory Authority, the Information Commissioner’s Office (UK’s independent authority).

Changes in this policy
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
If we make material changes to this privacy policy, we will notify you of any material changes by posting the revised policy on this website, and where appropriate, by other means.

Contact us