SHANGYOUJIA TECHNOLOGY (HK) LIMITED (“AdView,” “we,” “our,” or “us”) provides this privacy policy to explain how we collect, use, and share information. This privacy policy (“Policy”) covers AdView’s handling of two types of information:

1.Information we receive about end users (“End Users”) of third-party mobile applications (“apps”) that use our Software Development Kit (“SDK”), the AdView Ad Exchange (“AdView ADX”) (collectively, the “AdView Ad Services”), and

2.Information we receive through our website at https://www.adview.com or any other website on which this Policy is posted, as well as information we get through other corporate services and web portals, we make available to clients and business partners (“AdView Websites”). We describe the information received through the AdView Websites in Section 5 below, entitled “Privacy Practices for the AdView Websites.”

We encourage consumers to learn about how information (including information we collect) can be used to market to them, and how to exercise their choices to permit or limit such marketing. We describe ways consumers can exercise that choice or opt-out of marketing in Section 4 below, titled “Consumer Control and Opt-Out Options.”

1. Introduction and Background

AdView provides mobile advertising technology services that facilitate transactions among demand-side platforms, advertisers, app developers, publishers of mobile websites and/or apps, and ad exchanges (collectively, “Clients”), and service providers (collectively “Partners”). We do this by making available the AdView Ad Services and other tools to Clients. Clients use the AdView Ad Services and other tools to deliver advertising to End Users, and we in turn provide our services to help Clients (and their own customers) to deliver ads that are of interest to End Users. We explain what SDKs and APIs are in Section 3 below, titled “Cookies and SDKs,” which also explains how cookies and similar technologies (which we also use to provide the AdView Ad Services) work.

2. Privacy Practices for the AdView Ad Services

a. Information Collected Through the AdView Ad Services

Through the AdView Ad Services, we may collect information about End Users (to the extent that Clients pass such information to AdView), which includes:

•IP addresses, from which geographic location may be inferred, as well as system configuration information such as information about End Users’ operating system;

•Rough geolocation information;

•Mobile advertising identifiers, such as iOS IDFAs and Google Advertising IDs (collectively, “Mobile IDs”);

•Device type and other device information (e.g., whether an End User is using a smartphone or tablet, and related information);

•Network provider;

•Mobile browser (e.g., Firefox, Safari, and Chrome); and

•Other unique identifiers that may be associated with an End Users’ device, including identifiers provided by Clients or their service providers.

We refer to all of the above information as the “Service Information.”

b. How We Use the Information Collected Through the AdView Ad Services

We use the Service Information to provide a variety of services to our Clients related to advertising and marketing, including services we may describe elsewhere on AdView Websites. This includes use of the Service Information for purposes such as to:

•Provide customer, technical, and operational support for the AdView Ad Services, detect and protect against errors, fraud, or other criminal activity, and resolve disputes and enforce our terms and conditions and other rights we may have. This may also include analyzing, customizing, and improving the features of the AdView Ad Services;

•Provide information and analytics to Clients about the advertising inventory provided through the AdView Ad Services;

c. How We Share Information We Collect Through the AdView Ad Services

We share the Service Information with Clients and Partners in order to provide the AdView Ad Services. For example, we share the Service Information with:

•Clients and their marketing and service providers, so they may provide targeted advertising to End Users on mobile websites and/or apps;

•Partners that facilitate the functioning of the AdView Ad Services (e.g., traffic and ad quality verification vendors and data centers).

Even when a Client no longer accesses our SDK, we may continue to use and share Service Information as described in this Policy. The processes we described above often involve Mobile advertising identifiers or similar technologies, which may be associated with other information about End Users, such as End Users’ interests, demographics, or transactions. This is generally known as “interest-based advertising.” We encourage individuals who are interested in controlling or learning about this type of advertising to go to Section 4 below, titled “Consumer Control and Opt-Out Options,”. We may also share Service Information with third parties:

•Pursuant to a request or authorization by an End User or Client;

•If the disclosure is provided to: (a) comply in good faith with applicable laws, rules, regulations, governmental and quasi-governmental requests, court orders, or subpoenas, including for purposes of national security and law enforcement; (b) enforce our terms and conditions or other agreements; or (c) protect our, or any other person’s or entity’s, interests, rights, property, or safety, or in connection with an investigation of suspected or actual unlawful activity;

•Where the information is aggregated or de-identified; and

•As part of a business purchase, sale, merger, consolidation, investment, change in control, transfer of all or substantially all of our assets, reorganization or liquidation, bankruptcy, or in connection with steps taken in anticipation of such an event (e.g. due diligence).

3. Cookies and SDKs

a. Cookies

Cookies are small data files containing a string of characters, such as unique browser identifiers. Cookies are stored on your computer or other device and act as unique tags that identify your browser. Our servers may deploy a cookie on your browser when you visit the AdView Websites. AdView may use both session cookies and persistent cookies. Persistent cookies, unlike session cookies, remain after you close your browser, and may be used by your browser on subsequent visits to any given website. Using persistent cookies, a site operator (or a third party they work with) can “remember” what you have previously done on a website and personalize the site, or ads you see, for you. This technology may also provide a site operator or third party (or us, when you visit the AdView Websites) with information regarding your IP address, browser type, the web pages that you visit just before or after visiting a website, the web pages viewed, and the dates and times of your visits. We, alone or with our Clients and Partners, may use cookies to, for example, “remember” you, track trends, and collect information about how you use our Clients’ or Partners’ websites. We, and our Clients and Partners, use cookies to provide relevant content to you. If you wish to opt-out, please see Section 4 below, titled “Consumer Control and Opt-Out Options.” Please note that disabling cookies may prevent you from accessing some of the AdView Websites’ functionalities and offerings, and those of other websites you visit.

b. Mobile Device Identifiers and SDKs

We, or our Clients or Partners, may use or work with mobile SDKs (including our own SDK(s), which are described in more detail in this Policy) to collect information, such as Mobile IDs, and information related to how mobile devices and their users interact with our AdView Ad Services and those using our AdView Ad Services. The SDK is computer code that app developers can include in their apps to enable ads to be shown, data to be collected, and related services to be implemented. Sometimes, we obtain data through other (generally, simpler) interfaces that deliver similar data to us, which are commonly referred to (and which we refer to) as APIs. We may use these technologies, for example, to analyze or measure certain advertising through apps and browsers based on information associated with your mobile device. If you would like to opt-out from having ads tailored to you in this way on your mobile device, please follow the instructions in Section 4 below, titled “Consumer Control and Opt-Out Options.”

4. Consumer Control and Opt-Out Options

In most cases, consumers have control over whether or not they would like to receive relevant ads and marketing emails from our Clients. To change the settings for the cookies AdView sets on your devices through the AdView Websites, please contact us at partner@adview.com.

a. Opting Out of Cross-App Advertising on Mobile Devices

You can opt-out of having your Mobile IDs used for certain types of interest-based mobile advertising (also called “cross-app advertising”), including those performed by AdView, by accessing the settings on your Apple or Android mobile device, as follows:

•Apple Devices: If you have an Apple device, you can opt-out of most cross-app advertising by updating to iOS 6.0 or higher and enabling “Limit Ad Tracking.”

oiOS 7 and Higher: Go to Settings → Privacy → Advertising, and toggle “Limit Ad Tracking” to ‘ON.’

oiOS 6: Go to Settings → General → About → Advertising, and toggle “Limit Ad Tracking” to ‘ON.’

•Android Devices: If you have an Android device, you can opt-out of most cross-app advertising by going to Google Settings → Ads, and selecting the option to opt-out of interest-based ads.

Please note that these platforms control how these settings work, so the above instructions may change, and the precise language may be different on certain (particularly, on older) devices. Likewise, if your device uses other platforms not described above, please check the settings for those devices.

b. Additional Choices

Advertisers may also provide ways for you to opt-out from, or limit their collection of, certain information from and about you. Please refer to the privacy policies for retailers, apps, and mobile websites to learn more about their privacy practices. You may opt-out from receiving promotional emails from us, such as emails to inform you about events and new services, by following the “unsubscribe” instructions in any promotional email you receive, or by contacting us at partner@adview.com. Please note, however, that we may still send you non-promotional emails relating to your relationship with us.

5. Privacy Practices for the AdView Websites

a. Information We Collect Through the AdView Websites

The AdView Websites provide information regarding AdView and our products and services. Through the AdView Websites, we collect the information you voluntarily disclose to us, and we may also obtain automatically-collected information.

i. Information You Disclose to Us

When registering for an account, expressing an interest in obtaining additional information about AdView or our products and services, or otherwise contacting us through the AdView Websites, we collect the information you voluntarily disclose to us, such as your company name, mailing address, email address, telephone number, banking account number, and other billing information. You may also provide us with certain information about your business or other individuals.

ii. Automatically-Collected Information

When you visit the AdView Websites, we may use cookies that we associate with unique identifiers to keep track of visitor interactions and personalize your experience on the AdView Websites. To opt-out, please contact us at partner@adview.com.

b. How We Use Information We Collect Through the AdView Websites

In addition to the uses described elsewhere in this Policy, we use the information we collect through the AdView Websites (alone or in combination) to provide, market, improve, and operate the AdView Websites, AdView Ad Services, and any other products or services we have or may develop. This includes use of the information to:

•Fulfill your requests;

•Send information about our products and services, including marketing communications;

•Respond to your questions, concerns, or customer service inquiries;

•Create aggregated or de-identified information;

•Comply with applicable laws, prevent fraud, mitigate risk, and perform similar purposes;

•Understand usage trends and preferences;

•Analyze, improve, and provide products and services;

•Customize the content you see on the AdView Websites; and/or

•Perform other purposes at your request.

c. How We Share Information We Collect Through the AdView Websites

We may share the information we collect through the AdView Websites in the following situations:

•With your consent, including through this Policy;

•With our affiliates;

•With third parties that help us to operate our business and provide our services, such as entities that provide us with technical, customer, billing, administrative, event planning, marketing, or operational services;

•As part of a business purchase, sale, merger, consolidation, investment, change in control, transfer of all or substantially all of our assets, reorganization or liquidation, bankruptcy, or in connection with steps taken in anticipation of such an event (e.g. due diligence);

•When required by law or in response to lawful process, such as a subpoena, or to cooperate in good faith with a request from a government or law enforcement agency or official, including for purposes of national security and law enforcement;

•If we believe sharing the information may prevent physical, financial or other harm, injury, or loss; or

•If we believe sharing the information is necessary to protect our, or any other person’s or entity’s, interests, rights, property, or safety, or in connection with an investigation of suspected or actual unlawful activity.

With respect to aggregated or de-identified information, we may share such information without restriction.

6. Data Access and Retention

Generally speaking, we retain the information collected from the AdView Websites and AdView Ad Services for as long as necessary to achieve our objectives as detailed in this Policy, and to comply with our legal obligations, resolve disputes, and enforce our agreements. If you are a resident of the European Economic Area (EEA), Switzerland, the United Kingdom (UK), California, or Virginia, you may obtain a copy of the information we have about you, and correct or amend such information, by contacting us at partner@adview.com or by submitting a request to our online web form. 

7. Data Security

We have administrative, technical, and physical safeguards in place in our physical facilities and in our computer systems, databases, and communications networks that are designed to protect the information from loss, misuse, or alteration. No method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your information. To assist with data security, you understand that you are responsible for maintaining the secrecy of any account credentials that can be used to access any account with AdView. Any actions taken using your account credentials are your sole responsibility.

8. Third-Party Websites and Apps

This Policy only applies to the AdView Websites and the AdView Ad Services. We are not responsible for the privacy practices or disclosures of websites, developers, or apps that access or use the AdView Websites or AdView Ad Services. Likewise, when you access the AdView Websites, you may be directed to other websites that are also beyond our control. We encourage you to read the applicable privacy policies and terms and conditions of such third parties and websites, and the industry tools that we have referenced in this Policy.

9. Users from Outside the United States

The AdView Websites and AdView Ad Services are provided, supported, and hosted in the United States, and their operation is governed by United States law. If you are using the AdView Websites or AdView Ad Services from outside the United States, be aware that your Information may be transferred to, stored, and processed in the United States and other countries where our facilities are located. The data protection and other laws of the United States might not be as comprehensive as those in your country. By using the AdView Websites or AdView Ad Services, you consent to your information being transferred to our facilities and to the facilities of those third parties with whom we share your information as described in this Policy. Please see Section 11 below, titled “The EU General Data Protection Regulation (GDPR)” for additional information we provide for the benefit of residents of the EEA, Switzerland, and the UK.

10. California Privacy Notice

Please see our California Privacy Notice for California Consumers here.

11. The EU General Data Protection Regulation (GDPR)

As of May 25, 2018, a new data privacy law known as the EU General Data Protection Regulation (the “GDPR”) will be in effect through the EEA, Switzerland, and the UK. The GDPR requires AdView and those using our services to provide users with certain information about the processing of their “Personal Data.” “Personal Data” is a term used under the GDPR that means, generally, data that identifies or can identify a particular unique user or device – for instance, names, addresses, Mobile IDs, and precise location data. To comply with the GDPR, we provide the below representations and information, which are specific to persons located in the EEA, Switzerland, or the UK and to the processing of personal data.

a. Legal Grounds for Processing Personal Data

The GDPR requires us to tell you about the legal ground we are relying on to process any Personal Data about you. The legal grounds for us processing your Personal Data for the purposes set out in Sections 1 and 2 above (and Section 5 as to the AdView Websites) will typically be because:

•You provided your consent. In order to store and gain access to information stored on your device, we rely on your consent. For this “consent”, we rely on mobile app developers and oblige them contractually to pass on only legally obtained data. We do so to fulfill our obligations under the ePrivacy Directive. We may choose to obtain consent in other cases as well, in which case we will adhere to applicable laws relating to such consent and its withdrawal;

•The processing is in our legitimate interest. In some cases, we rely on legitimate interest as a legal basis for processing Personal Data, in order to provide our and/or other data controllers’ services. Such processing goes beyond the original collection of Mobile IDs. A legitimate interest we rely on, for instance, is the tailoring of promotional communications within mobile apps and services, which is beneficial to End Users and is an integral part of the ecosystem by which freely available content is funded through advertising revenue. This also may include providing analysis of and reporting about ad campaigns. We also rely on legitimate interest when we use Personal Data to maintain the security of our services, such as to detect fraud or to ensure that bugs are detected and fixed;

•Contractual relationships. Sometimes, we process certain data as necessary under a contractual relationship we have (such as our customer records and contact information);

•Legal obligations. Finally, some processing of data may be necessary for us to comply with our legal or regulatory obligations.

b. Transfers of Personal Data

As AdView is a global company and works with other global companies and technologies, we may need to transfer your Personal Data outside of the country from which it was originally provided. For instance, we may transfer your data to third parties that we work with who may be located in jurisdictions outside of the EEA, Switzerland, or the UK, and which may have data protection laws that are less strict in comparison to those in Europe. When we transfer Personal Data outside of the EEA, Switzerland, or the UK, we take steps to ensure appropriate safeguards are in place to protect your Personal Data. Your Personal Data will only be transferred to third countries outside the EEA, Switzerland or the UK within the legally permissible framework. We transfer Personal Data to third countries outside the EU/EEA (a) as stipulated by law or based on your consent, (b) based on the adequacy decisions of the European Commission (a public and updated list of these countries can be found here) and (c) by contractual regulations such as the EU Standard Data Protection Clauses (a public and updated list of these clauses can be found here). These safeguards shall ensure an adequate level of protection of your Personal Data and you can access further details regarding these safeguards upon request. AdView comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. 

c. Personal Data Retention

As a general matter, we retain your Personal Data for only as long as necessary to provide our AdView Ad Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. We generally render Mobile IDs inactive within 15 days, provided that we may retain them if we have a legal or significant operational need to do so, such as for auditing, corporate record-keeping, compliance accounting, or bug-fixes. If you are a Client of ours and thus have an account with us, we will typically retain your business-to-business Personal Data for a period of 3 years after you have requested that your account be closed, or such account has been inactive.

d. Your Rights as a Data Subject

The GDPR provides you with certain rights in respect to Personal Data that data controllers hold about you, including certain rights to access Personal Data, to request correction of the Personal Data, to request to restrict or delete Personal Data, and to object to our processing of your Personal Data (including profiling for online ad targeting).

•Right to Access: If you wish to exercise your right to access Personal Data we process as a data controller, you may do so by requesting access through the e-mail address partner@adview.com. When we receive your request, we will provide you with current, step-by-step instructions to follow in order to obtain access. We will then assess requests to exercise data access rights on a case-by-case basis; in doing so, we consider the difficulty of verifying whether a mobile identifier and data we have linked to it truly and solely belongs to the data subject making the request, as well as the potential adverse effects on disclosure of personal data to the wrong individual. Because such improper disclosure would likely adversely affect the privacy rights and freedoms of the data subject, we may limit the Personal Data we make available. Please note that we will only grant requests submitted via email for Personal Data for which we are a data controller, as explained further below. Where we act as a data processor for one of our Clients, we will refer your request to that Client. Please identify the Client your request refers to (if possible), to simplify this process.

•Right to Correct: If you wish to exercise your right to correct Personal Data, you may do so by contacting us at the contact information below.

•Right to Object to Processing or to Withdraw Consent: By using the device-based “opt-out” signals described in Section 4 above, you may withdraw consent for processing on which we rely on consent. If you do so, we will cease processing your Personal Data for purposes of our services within 30 days or less. We either collect these opt-out signals ourselves or receive them from the mobile apps we work with.

•Right to Erasure. You also have the right to obtain the erasure of Personal Data concerning you that we hold as a data controller. The above opt-out process satisfies this right. When an End User opts-out through device settings, and we receive this signal from our Clients, the Personal Data we use to provide our services will be deleted within 30 days (if you have an Android device) or permanently rendered disconnected to your device (if you have an iOS device). We will also manually delete your Personal Data, subject our identity verification process mentioned above, if you prefer that we do so; please contact us at partner@adview.com for further instructions on exercising this right manually. Please note, however, that we may retain copies of certain Personal Data on inactive or backup files, for our own internal and necessary purposes, such as auditing, accounting and billing, legal, or bug detection. We will retain your Personal Data for the period necessary to fulfill any important purposes that we have in retaining it, principally regarding legal, auditing, accounting, and billing obligations.

•Right to Lodge Complaints. You have the right to lodge a complaint with a supervisory authority. However, we hope that you will first consult with us, so that we may work with you to resolve any complaint or concern you might have.

e. AdView as a Data Controller and a Data Processor

EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organizations that process Personal Data on behalf of other organizations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, we encourage you to direct your inquiry to the relevant data controller, since data controllers hold primary responsibility for your Personal Data. AdView may act as either a data controller or a data processor in handling your Personal Data, depending on the precise circumstances. For instance, for Personal Data that we use internally and independently to operate the AdView Ad Services, and for Personal Data that we collect about our Clients, we are a data controller. But when we handle Personal Data strictly on behalf of our Clients or Partners in order to provide our services to them, we are a data processor. Thus, for instance, if you have questions about data that is used primarily by a mobile app on which our technology is embedded – or companies that serve ads that use our technology – you should contact those companies regarding questions about the Personal Data they handle and control.

f. Contact Details and Controller

This data protection information applies to data processing by the data controller AdView for users based in the European Economic Area, Switzerland or the UK, unless otherwise stated in a service-specific data protection notice.

12. Our Memberships and Affiliations

To help and foster the protection of consumer privacy, AdView is an active member or participant of industry associations that govern the policies on consumer privacy in the context of internet-based advertising, including: the IAB Technology Laboratory (Tech Lab), the Interactive Advertising Bureau (IAB) Europe. AdView participates in, and complies with the policies and technical specifications of, the IAB Europe Transparency and Consent Framework (IAB TCF). AdView’s IAB Europe-assigned identification number is Vendor ID #1022. Please see Section 4 above, titled “Consumer Control and Opt-Out Options,” for more information about your privacy choices.

13. Changes to This Privacy Policy

We may occasionally update this Policy to reflect changes to our privacy practices. The amended Policy will be displayed on the AdView Websites. Please check our Policy regularly to ensure you have read the latest version and to stay informed of our privacy practices. Your continued access to and use of the AdView Websites and AdView Ad Services constitute your acknowledgment of this Policy and any updates.

14. Contacting Us

If you have any general questions regarding this Policy, you may contact us by email at partner@adview.com or mailing the following address:

FLAT/RM 6A  BLK 1  4/F SOUTH SEAS CENTRE, 75 MODY ROAD, KL HONG KONG