1. Privacy Notice
Covatic is committed to ensuring that your privacy is protected. This Notice sets out how Covatic uses and protects any information that we collect in the course of our business or through our technology platform.
Any data we collect will only be used in accordance with all applicable laws, including the UK Data Protection Act and the EU General Data Protection Regulation (GDPR), and this Notice.
The data will be:
- Used lawfully, fairly and in a transparent way
- collected only for specified, explicit and legitimate purposes and not be used in a way that is incompatible with those purposes
- limited to what is necessary for the purposes for which they are processed
- accurate and amended on request
- kept in identifiable form for no longer than is necessary for the relevant purpose
- processed and held securely.
Covatic may change this Notice at any time by updating this page. We recommend checking this page from time-to-time to ensure that you are up to date with any changes.2. Data Controller and Data Protection Officer Details
The organisation responsible for how your personal information is handled – referred to as a “Data Controller” – is:
- Covatic Limited, a company registered in England with company number 10422855 and registered office at 412-413 Scott House, The Custard Factory, Gibb Street, Birmingham, B9 4AA.
We enable content providers to improve the experience of using their apps by adding contextual awareness. They do this by including our Software Development Kit (SDK) in their app. You can think of this like a tool box they can use to gain audience insights and make changes within their app to improve your experience.
In order for us to process your data, the app owner (who has integrated our mobile SDK into their app) will also be a data controller for such data. In accordance with applicable data protection laws, they will also need to inform you about the use of your personal data, obtain your consent or other legal basis for the processing of that data, and permit you to exercise your rights in a similar way to that set out in Section 7 below.
Depending on the particular configuration, you may be able to change your preferences at any time within the app settings or your account with the owner. We recommend contacting them in the first instance in relation to app/data related questions. Subject to us being able to identify you and link a particular items of data to you (see further explanation in Section 7), we will fully collaborate with any requests that they pass onto us.
If you have any questions in relation to this Privacy Notice, please contact our Data Protection Officer at:
412-413 Scott House, The Custard Factory
Birmingham, B9 4AA
Email: DPO@covatic.com3. What data do we collect and how do we use it?
This section describes how we use personal data relating to the following people:
3.1: Visitors to Covatic.com
3.2: Business Contacts
3.3: Authorised Users of support.covatic.com and Zendesk
3.4: Users of apps that utilise our SDK3.1 Visitors to covatic.com
Our corporate website, www.covatic.com, provides general information about Covatic and our products and services; we also maintain a blog and various social media channels.What personal information are we collecting?
a. Personal information automatically collected from your interaction with our website:
We collect data (including from third parties such as Google Analytics) about how you access and use our website. This includes information such as IP address, browser type and version, browser plug-in types and versions, operating system and platform, other technology on the devices you use to access our website and information on pages viewed and navigated to and from.
b. Personal information you share with us:
We may collect personal information that you submit directly to us, e.g. when you complete a form or contact us with enquiries. This information will include data such as name, company, email address, telephone, and the issues you are contacting us about.Why do we need to store and use this information?
We collect, store and use your personal data including your name, contact details and other information submitted to us and service usage data for our legitimate interests, namely:
- making the website available to you and improving our website content;
- developing and promoting our business and communicating with you about this;
- responding to your questions or inquiries.
We collect anonymised details about visitors to our website for the purposes of aggregate statistics or reporting purposes. However, no single individual or device will be identifiable from the anonymised details we collect for these purposes.
Whilst we take appropriate technical and organisational measures to safeguard the personal information that you provide to us, no transmission of information via the internet is guaranteed to be completely secure. We cannot, therefore, guarantee the security of any personal information that you transfer over the internet to us. Once we have received your information, we’ll use strict procedures and security features to try to prevent unauthorised access.
These processes relate to your requests or browsing activity and so there will be no negative impact on your privacy or rights. Use of this data is necessary for the business interests described and within what internet users should reasonably expect. We will revisit this assessment periodically to ensure that this ground remains valid for processing the particular data.Cookie / Website analytics
Our website may use Google Analytics cookies, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us measure our audience and their interactions with our site and understand website traffic and webpage usage.
You can change your cookie preferences in your browser settings or in the case of Google Analytics use the personal data tools provided by Google.
We also need to process your personal data if we have or are considering a business relationship with you.What personal information are we collecting?
This may include data relating to you / your company e.g.:
Why do we need to store and use this information?
- work email
- work phone
- work address
- company name and details
- skills, professional qualifications and experience
- contract and payment details.
Processing this data is necessary in order to perform a contract we have with your company, e.g.:
- with Covatic clients (e.g. app owners such as broadcasters or content providers) in order to manage our services, issue invoices and collect payments, and keep records and provide customer support (see also Section 3.3 below);
- with suppliers, service providers or other partners: in order to collaborate and purchase and pay for goods, services or licences;
- or for our legitimate interests in managing and growing our business, e.g.:
- with potential clients or partners, in order to expand Covatic’s business and resources;
- with potential suppliers and other business contacts in order to evaluate and negotiate the purchase of goods, services or licences;
As this data always relates to your professional life (work email, work telephone, information about contracts etc.) and/or is obtained from sources where it is voluntarily offered (e.g., websites, trade shows, professional networking) there will be no negative impact on your privacy or rights, it is necessary for the relevant purposes, and our use is within what a professional data subject would reasonably expect. We will revisit this assessment periodically to ensure that this ground remains valid for processing the particular data.
Although applicable laws do not require us to obtain your consent for such data processing, you may still be entitled to exercise your statutory rights in relation to such processing where applicable (see Section 7 below).3.3 Authorised users of support.covatic.com and Zendesk:
Our customer support website is support.covatic.com which allows access to Zendesk, a service company who facilitates and administers data on our behalf including a support system and knowledge base to store e.g. documents, and FAQs. The users will have to be given access by Covatic.What personal information are we collecting?
We use Zendesk in order to provide support to our clients. To submit a request for Covatic customer support (for example, for help with configuring your system), you must submit a working email address; this is required for us to be able to communicate with you about investigating and resolving your support issue. To make best use of this service, we may collect the following data:
Why do we need to store and use this information?
- Registration details
- Business contact details
- Descriptions of the issue
- Emails are tracked and responded to through Zendesk so could include personal data
We collect, store and use your personal data including your name, contact details and other information submitted to us and service usage data for:
(a) Performing our contracts with our clients, which may include service levels and obligations to assist reasonably with support requests;
(b) our legitimate interests, namely:
- administering the services
- dealing with your enquiries and support requests
- developing and promoting our business and communicating with you about this.
These processes relate to your requests and work related data and so there will be no negative impact on your privacy or rights. Use of this data is necessary for the business interests described and within what our clients should reasonably expect. We will revisit this assessment periodically to ensure that this ground remains valid for processing the particular data.
Zendesk, Inc. (including its group entities) is a data processor on Covatic’s behalf for the purposes outlined in this section. It is certified under the EU-U.S. Privacy Shield permitting data transfers to the USA, and in addition has in place Binding Corporate Rules that permit data to be shared legally between its group entities.3.4 Users of apps that utilise our SDK
Our SDK is private by design. All Personally Identifiable Information (PII) remains secure within the SDK on your device; it is not shared with the app you are using, our clients, or our cloud storage.
nstead we use this data as inputs to our algorithms, this includes: your phone’s location and your activity, provided you have granted permission via your device operating system. It is the result of these algorithms that the app you are using processes, not the PII itself.
There is no way for Covatic to know who you are. All PII is kept within your own device.What personal information are we collecting?
We collect non-identifiable data about your opportunities and engagement related to media or content. We also collect anonymous data about the performance of our SDK and device details.
We do not process any information which could be used by Covatic, directly or indirectly, with the help of a third party or otherwise, to determine your identity or contact you. We do not know who you are. We do not know your address, your place of work, your date of birth, your email address or any other personally identifiable data about you. We do not process special categories of data (sometimes also referred to as sensitive data) such as your health, race, religion, your political opinions etc.
We do process the following information on an aggregated basis:
Why do we need to store and use this information?
- General profile information provided to us by the app you have downloaded from one of our clients, including:
- Age range
- Media consumption related information, including:
- Content meta data (e.g. what were you watching, reading etc.)
- Timestamp and duration (e.g. when and for how long you watched a video)
- Activity (e.g. while listening, you were walking)
- Generalised context, importantly this is not your location (e.g. rather than a specific named station or place, we know you were ‘in transit’ e.g. if you were on a train between two stations)
- Media opportunity related information, including:
- Timestamp and duration
- Format (e.g. video, audio)
- Location-related information
- Location-related device settings, such as the device’s country code, language setting, and time zone
- Anonymous data based on tile coordinates, which reference a square on a map, not a specific latitude and longitude
- Information about the internet connection used to access our services, including:
- Network type (e.g. wifi)
- Timestamp and duration (i.e., when the device connected to our services began and how long the connection lasted, for a given session)
- Information about the device itself, including:
- Whether it is a smartphone or tablet
- What operating system and version it uses (e.g., iOS, version 11.0)
- Model and manufacturer (e.g., Apple iPhone X, Samsung Galaxy S8)
- Screen size, screen density, and other information relevant to formatting and display
- Information about the app and our SDK for anonymous analytics and operations including:
- SDK identifier (a string of numbers and letters unique to your smartphone)
- Which version of our SDK is integrated in the app used to access our services
- SDK performance (e.g., if there was a failure to connect to our cloud service layer)
We provide services to our clients that allow their apps to enhance your in-app experience by understanding more about your preferences, your availability to consume media content, the format that works best for you at a particular time (e.g. audio not video when walking).
The app may use this data to alter the user interface or suggested content to deliver this enhanced experience.
For our clients, we provide insights in the form of aggregated data, which does not include any individual personal data. They may use these insights to improve their content strategy and recommendation services.
In addition, we have a legitimate interest in processing the aggregated geo temporal data for the following business purposes:Optimising mobile app experiences
- Analysing trends and behaviours in apps and in the movement around cities and places.
- These processes relate only to anonymised and aggregated data and so there will be no negative impact on your privacy or rights.
We do not and will not knowingly collect information from any unsupervised child under the age of 13. If you are under the age of 13, your parent or guardian has to provide us and our clients with their consent.5. Recipients of your Data
Covatic has internal policies and controls in place to prevent your data from being lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to personal information to those employees or third parties who have a specific need to know in the performance of their duties.
For our clients, we provide insights in the form of aggregated data, which does not include any individual personal data.
We provide data to other companies in our corporate group and technical service providers inside and outside the EU that require access to data in order to assist us in providing our services. Where Covatic engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality, and are obliged to implement appropriate technical and organisational measures to ensure the security of data. We only permit third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
If we transfer data internationally to other places, then we always do so on the basis of legal safeguards to ensure the security of your data which may include:
6. How long do we keep data?
- the EU-US Privacy Shield for transfers to business partners in the US; or
- European Commission approved standard contract clauses for other transfers outside the European Economic Area.
- Where this is required by law, we will provide a copy of the safeguards applicable to your personal data, if requested.
- Finally, if any authority, police force or regulator requested data from us, then we would normally comply with such request without having to notify you.
We will retain your data (including personal information) for as long as necessary for the purpose for which it was collected. However, please note that personal data may need to be retained longer to comply with our legal obligations, resolve disputes or enforce our agreements.
We do not keep in identifiable form any end user data obtained through our clients’ apps.
Where we have a contract with your organisation, we will normally retain data for at least 6 years after the contract terminates in order to address any claims or legal issues that could arise.
Where data is not processed in relation to any contract (e.g. business development data) we will keep it for up to 2 years after the last contact.
We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.7. What are your rights?
You also have a number of rights in connection with personal data that relates to you. In particular, you can:
- request access to your data
- require Covatic to change incorrect or incomplete data
- require Covatic to delete or stop processing your data, e.g. where the data is no longer necessary for the purpose for which it was collected
- object to the processing of your data for specific purposes e.g. where Covatic is relying on its legitimate interests as the legal ground for processing
- ask Covatic to restrict processing of data for example pending resolution of a dispute over necessity of processing or where deletion is not an available option; and
- request the transfer of your information to another party.
Covatic’s processing of your data is normally necessary for the reasons set out above and we do not usually require or ask for your consent. In cases where we do rely on your consent, then you may withdraw that consent at any time, although any processing prior to withdrawal will remain lawful.
If you would like to exercise any of these rights, please contact Covatic’s Data Protection Officer at DPO@covatic.com
As indicated above, Covatic does not process contact or ID data such as names or emails and so, while we will always investigate any request thoroughly, often it will be impossible for us to know whether or not we are processing any data relating to you, or we may not technically be able to locate it. In accordance with legal principles of data minimization, it is our policy not to request further information from you in order to try to link particular data to a particular person. However, as you cannot be personally identified or contacted using any data that we hold, this information is effectively anonymous in our hands.
We will always do what we can to cooperate and explain any decisions that we have made. If you believe that Covatic has not complied with your data protection rights, you have a right to complain to the relevant Supervisory Authority which in the UK is the Information Commissioner’s Office.8. IAB Europe Transparency & Consent Framework
Covatic participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Covatic’s identification number within the framework is 1104.9. Contact us
If you would like further information in relation to any of the above, please contact us by emailing our Data Protection Officer at DPO@covatic.com
Last updated: 11 March 2022