Privacy Policy

1. Introduction

TN Communications AB (company registration number 559317-7859) ("we," "us," or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we, as a data controller under the General Data Protection Regulation (GDPR), collect, use, share, and protect personal data when we use Demand-Side Platforms (DSPs) to gather data from websites, build audiences, and sell those audiences to other clients within the DSP. We process personal data in compliance with GDPR principles of transparency, fairness, and accountability.

2. What Personal Data Do We Collect?

We collect the following categories of personal data through DSP scripts on websites:

• Identifiers: IP addresses, device IDs, cookie IDs, or similar tracking technologies.
• Browsing and behavioral data: Websites visited, pages viewed, time spent, interactions (e.g., clicks), and inferred interests.
• Demographic data: Inferred age, gender, or location based on browsing patterns (where available).

This data is collected indirectly from websites (publishers) via the DSP, not directly from you.

3. How Do We Collect Your Data?

We rely on DSP-provided scripts (e.g., pixels, cookies, or tags) embedded on third-party websites to collect data during your visits. This occurs in the context of online advertising and requires user consent obtained by the website publishers, often through Consent Management Platforms (CMPs) compliant with frameworks like the IAB Transparency and Consent Framework (TCF).

4. Purposes and Legal Basis for Processing Your Data

We process your personal data for the following purposes:

• Building audiences: Segmenting users based on behavior for targeted advertising.
• Selling audiences: Providing segmented audiences to other clients within the DSP for their advertising campaigns.
• Improving services: Analyzing data to optimize ad delivery and performance.

The legal basis for processing is:

• Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent via website consent banners for personalized ads and profiling. You can withdraw consent at any time.
• Legitimate interests (Art. 6(1)(f) GDPR): For non-personalized processing, such as fraud prevention or basic analytics, where our interests are not overridden by your rights (as assessed in a legitimate interest assessment).

We do not process special categories of data (e.g., health or political opinions) unless explicitly consented to.

5. Who Do We Share Your Data With?

We share personal data with:

• DSP providers: As processors, to facilitate data collection and audience activation.
• Clients: Other advertisers within the DSP who purchase our audiences (as joint controllers where applicable).
• Service providers: For IT support, analytics, or legal compliance (bound by data processing agreements).

Data may be transferred outside the EU/EEA (e.g., to US-based DSPs). We ensure safeguards like Standard Contractual Clauses (SCCs) or adequacy decisions are in place.

6. How Long Do We Keep Your Data?

We retain personal data only as long as necessary:

• Browsing and identifier data: Up to 12 months for audience building, then anonymized or deleted.

Retention is based on the purpose, legal requirements, or until consent is withdrawn. After this, data is securely deleted or anonymized.

7. Your Data Protection Rights

Under GDPR, you have the following rights:

• Access: Request a copy of your data.
• Rectification: Correct inaccurate data.
• Erasure ("right to be forgotten"): Delete your data in certain cases.
• Restriction: Limit processing.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Portability: Receive your data in a structured format.
• Withdraw consent: At any time, without affecting prior processing.

To exercise rights, contact us at hello@digitaltribes.io. We respond within one month (extendable if complex). You can also complain to your supervisory authority (the Swedish Authority for Privacy Protection in Sweden).

8. Cookies and Tracking Technologies

We use cookies and similar technologies via the DSP for data collection. Types include:

• Advertising cookies: For tracking and personalization.
• Analytics cookies: For performance measurement.

You can manage preferences via browser settings or the website's CMP. Refusing may limit ad relevance but not affect core functionality.

9. Automated Decision-Making and Profiling

We use automated profiling to build audiences based on your browsing data, which may affect the ads you see. This has no legal or significant effects beyond advertising. You can object to profiling.

10. Security

We implement appropriate technical and organizational measures (e.g., encryption, access controls) to protect your data from unauthorized access or breaches.

11. Changes to This Policy

We may update this policy periodically. Changes will be posted here with the updated date. For significant changes, we may notify you via email or website notice.

12. How to Contact Us

For questions or complaints, contact us at the details below.