Privacy policy

At Xeworks, your privacy is our top priority. This Privacy Policy describes our practices and procedures regarding the processing of personal information, whether collected directly through https://xe.works/ (“Website”) or as part of the services we provide, as described below. Thus, this Policy applies to:

(i) your interactions with the Website, whether you are a visitor and/or a potential existing client (“Customer”); and

(ii) processing of personal information about the Customer’s users collected through their interaction with the Customer’s websites and/or mobile applications (“End-User”).

This Policy is part of, and subject to, Xeworks Terms & Conditions. All terms undefined in this Policy should be understood and have the same meaning as in Terms & Conditions.

We reserve the right to revise this Privacy Policy from time to time. The most current version of the Privacy Policy will be available on this page, so you can always be aware of the up-to-date information. For changes to this Privacy Policy that may be materially less restrictive on our collection, usage and/or disclosure of personal information you have already provided to us, we will attempt to obtain your consent before implementing the changes.

For all other changes, it is at your sole responsibility to review the terms of this Policy from time to time to ensure you agree with it and any applicable amendments. Your continued use of the Website constitutes your acceptance of the updated Privacy Policy.

If you have any questions regarding this Policy, please email us at: team@xe.works.

Xeworks (“we”, “us”) is an AdTech platform based on a Real Time Bidding (“RTB”) technology, using machine learning algorithms for maximizing advertising efficiency. We facilitate the purchase of media advertising inventory in RTB auctions, providing a specific software tools for our Customers, advertisers (“Advertiser”, “Demand Side Platform”, “DSP”) and publishers (“Publisher”, “Supply Side Platform”, “SSP”), to deliver targeted advertising materials (“Advertising Materials”) to end users who interact with the Publisher’s websites and/or mobile applications (“Digital Property”). Our AdTech solutions include Xeworks Ad Management Platform (“Services”).

Personal information, or Personal Data, means any information relating to the you and that alone or in cumulative with other pieces of information gives the opportunity to the person that collects and processes such information to identify you as a person. It can be your name, identification number, location data, or information related to physical, physiological, genetic, mental, economic, cultural or social life.

Processing means any operation or set of operations which is performed on personal data, for example, collection, recording, organization, structuring, storage, use, disclosure by any means (whether automated or not) and so on.

Who is the controller of personal information processed?

Controller is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. Xeworks acts as the data controller with regard to data processed through the Website when you interact with it. This means we determine the “why” and “how” of your personal data processing in connection with the Website. If you have any questions about this Policy, please refer to Section “Contact Us” of this Policy.

Please note that with regard to the personal information of the Customer’s users collected through their interaction with the Digital Property, we act as a data processor. For more details please refer to Section “Information processed from the third parties”.

The exact scope of information that we process depends on the purpose and manner with which you visit the Website, interact with us and/or our Services. This Section describes all types of information that we collect and/or process from the Customers and End Users.

Personally Identifiable Information. We collect and further process personally identifiable information when you fill a request form on the Website, including, but not limited to your first name, last name, email, company name. This is information that allows us to identify you as a specific individual. We do so only at your request and the contractual basis applies to such processing. Without these data we will not be able to provide you with the opportunity of possessing the account on the Website.

Data automatically collected when interacting with our Website

Non-Personally Identifiable Information. We may also process information that does not personally identify you. We may collect the following non-personally identifiable information which may include:

• Log File Information

  The log files occur on the website and collect data including your IP address, browser type, operating system, Internet Service Provider, network carrier information.

• Mobile Device Information

  We may also collect the following mobile specific information: device type, make and model, operating system, mobile advertising identifiers, operating system device identifier, the GPS location of your device (if opted-in).

• Non-Precise Geographic Location

  device may be capable of sharing your geographic location with the apps or web pages you visit using the device. It might be possible through GPS coordinates and/or information about Wi-Fi networks in your vicinity. We collect information of your non-precise geographic information, limited to the country and city of the device location.

• Analytics

  We may also collect information, provided by Google Analytics, such as your IP host address, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, number of links you click, search terms, and other data.

• Cookies and Pixel Tags

  These are the small files stored on a User’s internet enabled device (computer, mobile phone etc.) to understand the User’s experience on the website. We use cookies to customize our website to your needs, display personalized content, store the User’s preferences, and measure the promotional effectiveness. We also use pixel tags, some small blocks of code on a webpage that allows us to set, read and modify cookies.

For more information about how we use cookies and similar tracking technologies you can read our Cookie Policy.

Special Categories of Personal Information. We do not collect any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

We may also process information, provided by third parties, including the Customers (DSP, SSP etc.), collected from the End-Users through interaction with the Digital Property with the use of the third parties’ own software and/or services and collected from the End Users.

Such non-identifiable information may include IP address, browser type, operating system, Internet Service Provider, network carrier information, device type, make and model, operating system, mobile advertising identifiers, operating system device identifier, the GPS location of the device (if opted-in), non-precise geographic information, limited to the country and city of the device location. We are not able to determine End-User’s name, email address, or other similarly identifiable information based on the information we process from the third-parties.

We may combine the information we receive from third parties with the information we directly collect from you and use such information according to this Privacy Policy and requirements under applicable EU data protection and privacy laws.

Please note that because collection or use of personal data is specific to their services, please consult the relevant Customer’s privacy statement, privacy notice, or the relevant written contract for the services for more information. We do not have a direct relationship with the End Users. In this respect, we place our partners under the commitment to obtain the End User’s explicit consent for processing personal data that unambiguously signifies that End User’s agreement on the basis of appropriate information in accordance with the law.

Your Personal Information is processed based on the following legal basis:

• the processing is necessary to perform a contract to which which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract (e.g. Terms and Conditions which constitutes a legally binding agreement between you and Xeworks as regards to the provision of our Services);
• the processing is necessary for compliance with legal or regulatory obligations that we are subject to;
• the processing is based on the legitimate interests, provided that your fundamental rights do not override such interests. This can mean, for instance, that it is in our interest to monitor how you are using our Website or any other electronic portals and platforms or access to systems to ensure that the security of our Website or other electronic portals and platforms or systems is maintained;
• the processing is based on your explicit consent to the processing of your personal data.

Prior to any processing of your Personal Information, we will inform you about the applied legal basis and other relevant details, unless we are not allowed to do so according to the applicable legislation.

We may use the information collected in the following ways:

• To provide our services a contractual arrangement with you;
• To administer and protect the Website;
• To carry out business activity;
• To develop new services, features and content;
• To customize the website due to the user’s interests, location, device;
• To deliver the relevant website content to you;
• To prevent providing the same information to the same user;
• To use data analytics to monitor and improve our services and technology, marketing, the User experiences;
• To prevent potential illegal activity and respond to legal requests.

Xeworks commits to use the information collected solely for the purposes described in this Privacy Policy. If we decide to modify and/or add any purpose, we will inform you about all changes and ask for your consent prior to the application of any amendments.

Except as otherwise provided in this Policy, permitted or required under law, we will not intentionally disclose any personal information about you as a specific individual to third parties without your prior consent.

We may share your personal information with the following categories of recipients:

1. Third-Party Service Providers. As we engage third-party service providers, including Demand-Side Platforms (DSPs), Supply-Side Platforms (SSPs), and other partners, we may share information (i) in the course of our business activity, including to better understand the End Users’ preferences, habits, usage patterns, enabling us to deliver relevant content and services through the DSP’s website, in accordance with our contractual relationships and compliance with data processing regulations; (ii) when necessary to detect, prevent any fraud, investigate potential violations of our Terms of Use, or uphold the integrity of our Services; (iii) to ensure security of the Website, protect our property or legal rights, enforce our agreements, or implement any other security measures.
2. Competent Authorities. We may disclose your personal information to competent courts, public authorities, government agencies, and law enforcement entities to the extent required by law or when we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental or law enforcement officials.
3. Third-Party Tracking Technologies. We may disclose your personal information with third parties that collect information on our Website (if applicable) through cookies, web beacons, and similar tracking technologies, but only with your prior and express consent.
4. Business Transfers. In the event of a merger, division, restructuring, change of control, bankruptcy, or other corporate reorganization, we may disclose your personal information to third parties involved in the transaction to facilitate the business transfer.

In some cases, your Personal Information may be or transferred outside the European Economic Area (“EEA”). When this occurs, we ensure that only the minimal amount of personal data necessary for processing is shared, and where possible, we anonymise the data before transferring it.

Please note that we will only transfer your personal data:

1. To countries that the European Commission has deemed to provide an adequate level of protection for personal data; and/or
2. When using certain service providers, we may employ specific contracts approved by the European Commission (such as Standard Contractual Clauses) for transfers outside the EEA, ensuring your data receives the same level of protection it has within the EEA; or
3. In circumstances where exemptions apply under the General Data Protection Regulation. For instance, we may transfer data with your explicit consent after informing you of the absence of safeguards, when the transfer is necessary for the performance of a contract between you and us, for a contract in your interest between us and a third party, or when it’s essential for the establishment, exercise, or defense of legal claims.

We maintain the appropriate administrative, technical and physical safeguards to any accidental or unlawful destruction, loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other form of breach in regard to your personal information. These measures provide sound industry standard security.

Although we make efforts to protect your privacy, Xeworks cannot guarantee a 100% security of any information you transmit to us.

If you believe your personal information has been compromised, please contact us at team@xe.works.

If we find out of any security system breach, we will inform you and the relevant authorities of the occurrence of the breach according to the applicable law.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to meet any legal, accountingm or reporting requirements,, unless otherwise is required by law. The specific retention periods vary depending on the nature of the data and the processing actitivities involved.

In determining the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.

Once the retention period has expired, or the personal information is no longer required, we will securely delete or anonymize the data, ensuring it can no longer be linked to you.

Where applicable, we may retain certain personal information for longer periods, if: (i) it is required under certain laws or to comply with law enforcement or other requests (e.g. those related to corporate governance, taxation, anti-money laundering and financial reporting legislation); (ii) there is a reasonable suspicion of fraudulent, unauthorized, or illegal activity; (iii) it is necessary to be used in the investigation, dispute, or complaint resolution.

In some circumstances, we may delete your personal data on your request, as described below in this Policy.

Under the GDPR, Users from EU and EEA are subject to a number of rights regarding the collection and processing of their personal information, including:

• Right to be informed. You are entitled to receive concise, transparent, intelligible, easily accessible information regarding the purposes for processing of personal data, retention periods for storing of the respective personal data, personal data sharing particularities and other.
• Right to access. You are able to obtain confirmation as to whether we process personal data about you, receive a copy of your personal data and obtain certain information about how and why we process your personal data.
• Right to rectification. You may inquire us to rectify inaccurate, incomplete and/or misleading personal data about you, as well as provide us with the accurate, complete and/or updated data.
• Right to erasure. This means that you may request us to delete the personal information that is no longer necessary for the purposes for which it was collected, as well as no legal grounds for processing exists.
• Right to restrict processing. If you have a particular reason to restrict processing in specific situations. This applies if you contest the accuracy of the data, have raised an objection to processing, if processing is unlawful but you oppose erasure, or if we no longer need the data but you require it to establish, exercise, or defend legal claims.
• Right to data portability. In certain circumstances, you can request to receive a copy of your personal data in a commonly used electronic format. This right applies to data you provided to us and if the processing is based on your consent or necessary for the performance of a contract, and it is processed by automated means.
• Right to object. You have the right to object to the processing of your personal data in the following cases: when we process data for legitimate interests, or for direct marketing purposes.
• Right not to be subject to automated decision-making. You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significant outcomes for you.
• Right to withdraw consent. Where we process personal data based on your consent, you may ask us to withdraw your consent for processing personal information at any time. Exercising this right will not affect the lawfulness of processing based on consent before its withdrawal.

If you have any concerns regarding your rights, please do not hesitate to contact Xeworks Data Protection Team at team@xe.works.

We will answer your request as soon as possible and without undue delay but no longer than within one month from the date of its receipt. If your request is complex or you have made multiple requests, we will notify you of any need for an extension and keep you updated.

To ensure your rights are protected, we may ask for specific information to verify your identity. This security measure is designed to prevent unauthorized access to your personal data. We may also contact you for further details to expedite our response.

You also have the possibility to file a complaint to the supervisory authority that is empowered to process such complaints in your country.

This website is not intended for children under the age of 18 and we do not knowingly or intentionally collect any information relating to children.

If you have any concerns regarding, including your rights, please do not hesitate to contact us at team@xe.works.