Data Protection Policy
1. POLICY INFORMATION
1.1.1. Httpool Asia Limited (‘HTTPOOL’), a limited liability company incorporated under the laws of The Government of the Hong Kong Special Administrative Region, with its main establishment and registered office at Room 901-904 & 1003, 9-10/F, Kai Tak Commercial Building, 66-72 Stanley Street, Central, Hong Kong, registration number 50461109-000-03-18-9 and tax identification number COL/PRO/27/50461109, is responsible as the data controller of your personal data.
1.1.2. In addition, this Data Protection Policy (‘policy’) applies to ‘HTTPOOL’ meaning the group of undertakings comprised of HTTPOOL Slovenia as the controlling undertaking and its controlled undertakings comprised of subsidiary and affiliated enterprises and any other enterprise whether to be incorporated as the controlled undertaking or to adhere to this policy. The reference to HTTPOOL, also referred to as ‘we’ or ‘us’, may mean reference to the group of undertakings or an individual enterprise within this group being responsible as the data controller of your personal data as the case may be.
1.1.3. HTTPOOL cooperates with service providers, such as advertisers, publishers and other partners, accounting and IT services providers, wherein within this business cooperation certain personal data could be collected, transferred and processed by such service providers. HTTPOOL cooperates only with service providers, which are in compliance with the General Data Protection Regulation.
1.1.4. This policy applies to information we collect when you access or use HTTPOOL’s website(s), AdPlatform, including the Ad Network, or otherwise interact with us as described below. We are compliant with applicable legislation in the countries in which we operate. By using our services or interacting with us as described below, you confirm that you are aware of this policy.
1.1.5. We may amend this policy from time to time due to change of legislation or us updating our internal policies and practices. If we make changes, we will notify you by revising the date of this policy, and in some circumstances, we may provide you with additional notice, including, for example, by adding a statement to the website(s) of HTTPOOL or by sending you an email notification. We strongly encourage you to review the policy whenever you access or use our services to stay informed about our information practices and your privacy rights and choices.
1.1.6. This policy was prepared by joint cooperation of enterprises comprising HTTPOOL and approved on 25 May 2018 by Angie Chung, Managing Director of Httpool Asia Limited.
2.1.1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2.1.2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
2.1.3. ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
2.1.4. ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
2.1.5. ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
2.1.6. ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
2.1.7. ‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
2.1.8. ‘enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;
2.1.9. ‘group of undertakings’ means a controlling undertaking and its controlled undertakings;
2.1.10. ‘General Data Protection Regulation’ means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
2.2. Purpose of policy
2.2.1. The purpose of this policy is to give you information about what personal data we collect and why we do it, how we collect, use and disclose that personal data, the legal grounds for processing, and your rights in respect to your personal information.
2.2.2. HTTPOOL has adopted this policy in order to ensure the protection of your rights in relation to the processing of your personal data as your fundamental right, to further design the processing of personal data to serve both you, HTTPOOL’s clients, workers and employees and other individuals, as well as to protect HTTPOOL.
2.2.3. HTTPOOL notably strives to further design this policy in order to approved it as binding corporate rules in accordance with Article 47 of the General Data Protection Regulation.
2.3. Business activities
2.3.1. HTTPOOL provides advertising technology services to its clients. Upon opening an account at the AdPlatform connecting advertisers, publishers and other partners through the Ad Network, you provide us with Contact and Business Management Data. Clients use the AdPlatform to provide advertising to end users and we in return provide the services under our AdPlatform to help the clients to provide advertisements to end users. Thus, within its business activities HTTPOOL processes only a very limited scope of personal data notably End User Data, wherein the majority of the information we receive when providing services to our clients is considered to be data of enterprises, notably Business Management Data.
2.4. Types of data
2.4.1. HTTPOOL processes the following categories of personal data:
18.104.22.168. Contact Data: personal name, company name, telephone number and e-mail address, in order to respond to you when you contact us;
22.214.171.124. End User Data: data collected through interactions of end users with advertisements generated using HTTPOOL’s services on behalf of our clients, which may be advertisers or publishers, including internet protocol numbers automatically provided to us when the end user posts information through social media sites, plug-ins or other applications depending upon your privacy settings, geolocation information (generally an end user’s latitude and longitude data) for determining geotargeting and frequency for providing advertisements, all in order for us to perform business;
126.96.36.199. Business Management Data: personal name of employee or worker of the client (enterprise), company name, address, e-mail address, telephone and fax number, the client’s payment details such as bank account number and type of bank account, registration and tax number, information on the profit, submitted using special payment application filled out by the client, all in order to provide services and further our business interests. HTTPOOL uses this information to process payments. Where HTTPOOL uses third-party service providers to manage credit card processing, such personal data are being obtained from the payment service providers.
188.8.131.52. Human Resource Data: personal data of our employees and workers including information about employee’s work permit, employment contract and its termination, labour costs, data on salaries and compensations charged to the employer and data on other labour costs and information on statutory social security contributions for an individual worker, information on the use of working time, medical examinations, health checks of individual groups of workers, completed training for safe work and tests of the workers’ qualifications, accidents at work, collective casualties, dangerous occurrences, established occupational diseases and work-related illnesses and their causes, all in order to comply with statutory provisions and to the extent as permitted by law;
184.108.40.206. Candidate Management Data: personal data of candidates for employment, namely personal name, date of birth, place and the country of birth, address of permanent or temporary residence, actual and required education, work experience, diploma certificate and various other certificates that are attached them to the application (certificate of foreign language knowledge, statement on impunity, recommendations) or other details you provide to us contained in letters of application and résumés, all in order to process your application for employment with us and comply with statutory provisions;
220.127.116.11. Information on Management of Premises: personal data of individualsmaintained regarding entries and exits from the premises, namely the personal name, number and type of personal document, address of residence, employment, type and registration number of the vehicle and date, time and reason for entry to or exit from the premises, all in order to ensure the safety of people and property in our business premise;
18.104.22.168. Sensitive Information: information of employees and workers in relation to medical examination with an assessment of the worker’s compliance with specific health requirements for a particular work in the workplace, health checks of individual groups of workerswith a list of examined workers and an assessment of the fulfilment of specific health requirements for a particular work in the work environment, health status of a group of examined workers, established occupational diseases, sickness-related illnesses or suspicion of an occupational disease, information on the fact and level of intoxication, information whether the worker was under the influence of illicit drugs and other psychoactive substances or not in case testing for illicit drugs and other psychoactive substances, accidents at work, collective casualties, dangerous occurrences, established occupational diseases and work-related illnesses and their causes; all only in order for us to comply with regulatory statutory provisions and to the extent as permitted by law;
22.214.171.124. We ask that you avoid submitting us special categories of personal data including sensitive information and data concerning health, unless such information is legally required and/or the HTTPOOL requests you to submit such information.
126.96.36.199. HTTPOOL has adopted every reasonable step to ensure that personal data are accurate and kept up to date, as well as that inaccurate personal data are erased or rectified without delay, however, it cannot assume liability should your information provided to us not be true, incomplete and/or misleading.
2.5. Legal basis for processing
2.5.1. HTTPOOL processes personal data only, if permitted to do so by the General Data Protection Regulation.
2.5.2. Most commonly, HTTPOOL processes personal data about you because the processing is necessary for compliance with a legal obligation to which HTTPOOL is subject. Special categories of personal data are processed only on this legal basis and HTTPOOL does not process any such data on any other legal basis. Processing of Human Resource Data including Sensitive Information is almost entirely subject to this legal basis.
2.5.3. Furthermore, HTTPOOL processes some personal data where processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. Most of the processing employment and work contracts (Human Resource Data), as well as Candidate Management Data is carried out on this legal basis.
2.5.4. Moreover, we process some personal data where this is necessary for the legitimate interests pursued by HTTPOOL (or by a third party) and your interests and fundamental rights do not override these interests. For example, HTTPOOL has a legitimate interest in the processing and transfer of personal data within its group of undertakings for internal business purposes, including centralisation of data processing activities, to design lawfully efficient and workable business processes, to allow cross border teams to work together and to make business processes more efficient and cost effective. Moreover, when HTTPOOL automatically receives your internet protocol number we rely on our legitimate interest by geotargeting advertisements to end users, which is beneficial to the user as an integral part of the social media site, plug-in or other application the user has consented to use.
2.5.5. HTTPOOL may also process your personal data when you have given consent to the processing of your personal data for one or more specific purposes. HTTPOOL has strived and continues to endeavour to obtain consents, which are given freely, specific, informed and present an unambiguous indication of your wishes by a statement or by a clear affirmative action, signifying agreement to the processing of your personal data.
2.5.6. Where HTTPOOL relies on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
2.6. Use of data
2.6.1. We process your data for the following purposes:
188.8.131.52. Managing of workforce notably with respect to Human Resource Data, Candidate Management Data and Sensitive Information;
184.108.40.206. Communications: enabling response and facilitating communication with you regarding Contact Data;
220.127.116.11. Complying with legal requirements, such as record-keeping and reporting obligations, conducting audits, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal rules, policies and procedures.
18.104.22.168. Services: HTTPOOL processes Business Management and End User Data in order to provide services to clients.
2.6.2. There may be more than one purpose that justifies our use of your personal data in any particular circumstance.
2.6.3. We shall only use your personal data for the purposes for which we collected it. Should we reasonably require to use your personal data for an unrelated purpose, we will notify you thereof and explain the legal obligation or that such processing is compatible with the original purpose, which allows us to use it for another reason. If your consent was granted for a specific purpose, which may contain one or more processing activities, we shall not process your personal data for another purpose other than the purpose for which it was originally collected. Where we intend to perform processing for another purpose on the basis of your initial consent, we shall process your personal data only on the basis of a new consent.
2.6.4. Managing of workforce and complying
22.214.171.124. HTTPOOL manages your Business Management, Human Resource, Candidate Management Data and Sensitive Information within its customer relations management software. The software is designed on a need-to-know basis. Furthermore, our internal privacy and security rules are communicated to all of our employees and workers, instructing them to process personal data in accordance with the respective legislation, internal rules and under highest security processing standards when managing workforce or complying with statutory provisions.
126.96.36.199. HTTPOOL uses your data to operate lawfully, effectively and provide the best experience with our services.
188.8.131.52. We use your data to enable access to the AdPlatform, to provide customer, technical, and operational support, to manage your account(s), to send you technical notices, updates, security alerts and support and administrative messages and to resolve disputes and enforcing of our rights, to detect and protect against errors, fraud, or other criminal or illegal activities and to enforce our client agreements. This may also include analysing, customizing, and improving the AdPlatform, to provide information and analytics to clients about the use of the AdPlatform, to help our clients to create or enhance their services with respect to marketing or analytics.
184.108.40.206. You may access to the AdPlatform by submitting the identification form (Join us form), wherein for certain services it is necessary to create a user account, enabling the user to use certain applications. In these cases, you are required to submit data including Business Management Data. This information is needed to provide services to clients, including access to the application, display of customized content and advertising, communications, transfer of profit deriving from digital advertising, ensuring the technical functioning of the network, research and analysis in order to maintain and protect our services.
220.127.116.11. We also use your data to create inferences about end users geographically categorized in order to enable the enterprises within HTTPOOL to help clients place advertisement in the respective geographical region. For example, if the End User Data indicates that an end user is located in a certain geographical region or country, the AdPlatform enables the client to place advertisements in such region or country. After this process is done, the internet protocol number of the end user is anonymized in order to prevent enterprises within HTTPOOL from other regions or countries, clients and third parties to access or retrieve the internet protocol number of the end user. This process also includes anonymizing internet protocol numbers for statistical purposes.
18.104.22.168. We may also use your data when the AdPlatform interferes with social media sites, plug-ins or other applications provided by advertisers, publishers or other partners. For example, if a worker or an employee of a client intends to advertise on Facebook through the AdPlatform, it has to link its personal Facebook account with the AdPlatform, considering that Facebook does not enable corporate Facebook accounts. After the connection is established, we save his personal name, Facebook identification number and a list of all Facebook advertisement accounts such individual has access to, which we consider Business Management Data since it the individual has opened the AdPlatform account for the client (enterprise), in order for us to invoice the services provided by the AdPlatform. If the individual then revokes his AdPlatform through its Facebook account, we still store his data necessary until the agreement with our client is fulfilled.
22.214.171.124. When an end user visits a website or views an advertisement linked to the AdPlatform we may deploy online cookies to end users in order to better or more accurately control the frequency of the advertisements. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. They are typically stored on your computer’s hard drive.
126.96.36.199. Cookies include such strictly necessary for the normal website functions, which cannot be switched off because the website wouldn’t work properly anymore nor do they store any personal data.
188.8.131.52. Cookies are used to help advertisers and publishers serve and manage advertisements across the web. We use Google Analytics cookies that enable us to improve user experience on our websites. They help us understand how our users use the website and decide on the functional and material adjustments in order to show as much useful content as possible.
184.108.40.206. You are free to decline most of our cookies if your browser or browser add-on permits it but choosing to remove or disable our cookies may interfere with your use and functionality of HTTPOOL’s services. You may amend our cookies settings by clicking on the following link:
220.127.116.11. You may delete other cookies as follows:
18.104.22.168.1. Google Chrome – After clicking on the menu icon navigate to settings. On the bottom of the page, expand the settings by clicking on ‘Advanced’. In the ‘Privacy and Security’ panel click on ‘Content settings’ and then ‘Cookies’. You can also type chrome://settings/content/cookies in the browsers address bar;
22.214.171.124.2. Mozila Firefox– click on the ‘Menu’ hamburger icon and navigate to preferences. In the ‘Privacy & Security’ tab head to the history section and click on the ‘remove individual cookies’ link
126.96.36.199.3. Safari – in the ‘Privacy’ menu navigation item, there is an option to ‘Block all cookies’ and to remove them all. You can also click ‘Details’ to remove individual cookies
188.8.131.52.4. Edge– Click on the 3 dot icon and select ‘Settings’. Select the arrow keys next to the ‘Advanced settings’ on the top side. You will see an option ‘clear browsing data’ with which you can clear cookies.
184.108.40.206. We use your Contact Data primarily to respond to you when you have contacted us.
220.127.116.11. In addition, we may use your Contact Data and/or Business Management Data in order to send you promotional communications or newsletters from us through e-mails where you have given consent. You may choose to sign-up for marketing or other communications from HTTPOOL on our website.
18.104.22.168. You may opt out of receiving promotional communications and/or newsletters from us by following the instructions in those communications (unsubscribe button at the bottom of each email). If you opt out of receiving promotional communications and/or newsletters, we may still send you transactional or relationship messages, such as those about your account or our ongoing business relations for as long as the business relationship exists.
22.214.171.124. In case of performing direct marketing upon the first communication at latest, we shall communicate to you our identity and contact details and the details of our data protection officer, the purposes of the processing for which the personal data are intended as well as the legal basis for the processing, categories of personal data, the recipients or categories of recipients of the personal data and other information provided in Article 14 of the General Data Protection Regulation. If we shall process personal data for direct marketing purposes, we shall do so in accordance with Article 21 of the General Data Protection Regulation, wherein you may exercise your rights to rectification, to object and to request from us to permanently or temporarily cease to use or otherwise process your personal data for the purpose of direct marketing. We shall not disclose this personal data to other users.
2.7. Disclosure of data
2.7.1. For the provision of our services, we share personal data with the following unaffiliated third person:
126.96.36.199. Program integrations with AppNexus, Viber, Bidswitch and LG smart TVs for campaign settings, advertisement group targeting settings available on the respective program integration and for advertisements;
188.8.131.52. Social integrations with Facebook, Twitter, Snapchat and LinkedIn for campaign settings, advertisement group targeting settings for advertisements;
184.108.40.206. Other service providers, such as advertisers, publishers and other partners, accounting and IT services providers;
220.127.116.11. Public and Governmental Authorities: entities that regulate or have jurisdiction over HTTPOOL such as regulatory authorities, public bodies, and judicial bodies, including to meet national security or law enforcement requirements.
2.8. Transfer of personal data
2.8.1. For the purposes explained in this policy, HTTPOOL may transfer personal data to a third country or an international organization in case of an adequate decision in accordance with Article 45(1) of the General Data Protection Regulation, without a special permit. In the absence of an adequate decision, the Company shall provide appropriate safeguards in accordance with Article 46 of the General Data Protection Regulation. In the absence of an adequacy decision pursuant to Article 45(3) of the General Data Protection Regulation or of appropriate safeguards pursuant to Article 46 of the General Data Protection Regulation, including binding corporate rules, a transfer or a set of transfers of personal data to a third country or an international organisation shall take place only on one of the conditions in Article 49(1) of the General data Protection Regulation.
2.9. Data retention
2.9.1. Generally, we retain personal data for as long as necessary to fulfil purposes described in this policy subject to our own legal and regulatory obligations.
2.9.2. Our employees and workers processing personal data are instructed to verify the respective national statutory provisions regarding data retention when processing data.
2.9.3. When personal data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.
2.10. Your rights
2.10.1. HTTPOOL enables you to exercise the following rights as determined under the General Data Protection Law and respective national jurisdiction:
18.104.22.168. Right to access: you may obtain confirmation from HTTPOOL to whether or not your personal data are being processed, and where that is the case, access to personal data and information;
22.214.171.124. Right to correct: you may request from HTTPOOL to rectify inaccurate personal data concerning and incomplete personal data completed;
126.96.36.199. Right to erasure: you may obtain erasure of your personal data that we hold as a data controller;
188.8.131.52. Right to restriction of processing: you may obtain from HTTPOOL the restriction of processing;
184.108.40.206. Right of information: we shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We shall inform you about those recipients if you request it.
220.127.116.11. Right to data portability: you may request from HTTPOOL to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and may also request us to transmit those data to another controller without our hindrance;
18.104.22.168. Right to object: you may object, on grounds relating to your particular situation, at any time to processing of personal data concerning based on our legitimate interests. In this case, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of our legal claims;
22.214.171.124. Right to object to direct marketing: you may object at any time to processing of personal data concerning you for marketing purposes. Should you object to processing for direct marketing purposes, we shall no longer process your personal data for such purposes;
126.96.36.199. We guarantee your right not to be subject to a decision based solely on automated processing;
188.8.131.52. Right to be informed of a breach: we shall notify you that there has been a breach of the protection of your personal data where the infringement of the protection of personal data is likely to pose a high risk to your rights and freedoms;
184.108.40.206. Right to file a complaint: You have the right to lodge a complaint with a supervisory authority. However, we hope that you will first consult with us, so that we may work with you to resolve any complaint or concern you might have.
2.10.2. You may exercise the abovementioned rights through: firstname.lastname@example.org. You may also contact this e-mail to obtain details of the supervisory authorities of the respective HTTPOOL enterprise or to be directed to the respective privacy officer of the HTTPOOL group enterprise.
2.11.1. We have implemented reasonable and effective technical and organisational measures and procedures designed to implement data-protection principles, such as data minimisation, and integrated necessary safeguards into the processing in order to meet the requirements of the General Data Protection Regulations.
2.11.2. We protect your information by using reasonable physical, technical and administrative security measures, including limiting access to your information to employees and workers on a need-to-know basis. To make sure your personal data is secured, we communicate our internal privacy and security rules to all of our employees and workers, strictly enforce privacy safeguards within HTTPOOL and have also designed our internal software in order to meet our high security processing standards.
2.11.3. We advise you to protect your AdPlatform account details including your username and password and not to share this information with any other individual.
Httpool Asia Limited, Room 901-904 & 1003, 9-10/F, Kai Tak Commercial Building, 66-72 Stanley Street, Central, Hong Kong, or email@example.com.