The data protection declaration applies to all processing of personal data that we carry out, both in the context of the provision of our services and in particular on our websites and in mobile applications.
Hosted Services: Online services delivered without web applications.
Interested Parties: Person or organization who has financial benefits from our services without having direct contractual relation with us.
Device: is referred to any device with a digital screen, CPU, operating system and internet connection which is able to run softwares (such as but not limited to Android tablets, TVs, TV Boxes etc.) and play video, audio, text and image content.
Content Management System (CMS): is a hosted service as an online software product developed to create and manage content and advertising on devices registered to CMS.
System: is referred to sum of all softwares (including but not limited to CMS and Android Application) working together to provide service under the product name of Advixta for the purpose of creating, managing and broadcasting advertising and content in cars and public places
Partner: is a legal entity carrying out commercial activities using the System in accordance with the general terms and conditions and license agreement. Partner is our customers with contractual relations, who use our services to sell advertising and provide content at their commercial places to their visitors or clients for the purpose of generating revenue from advertising that they sell.
User: is an individual, with an authorized account in the CMS and agreed to the processing of personal data in accordance with the general terms and conditions, specified on the terms and conditions page. Users may be assigned to different roles and rights according to their hierarchy and position in the Partner organization.
Partner Supervisor: is a type of user role in the System for official representatives of the Partner. Partner Supervisor is the manager in the Partner’s organization with rights to add and approve users.
Partner User: is a type of user role, registered in the System by the Partner Supervisor. Partner Users have limited rights in the System assigned by the Partner Supervisor.
Super Admin: is administrative personnel of the System with maximal number of possible user rights within the System (a legal representative of the organisation owning the software product).
Personal Data: is the personal data provided by the user in a voluntary form by registering in the System, by confirming their consent to data processing and storage, and the information collected during the work with the System.
Commercial Information: is the data related to the Partner’s activities within the System such as but not limited to information on Partner devices, active content uploaded by users having authorized access to the partner’s sections, billing information, as well as the other information related to any partner’s commercial activities.
What data do we collect?
We collect the following data:
- User login (required)
- User password (required)
- Email address (required)
- Interface language used by the user (required, during registration it is set as the main language of the country specified by user)
- Phone number (required only for the Supervisor role for communication and verification)
- Username (optional)
- Date of birth (optional)
- User city (optional).
Categories of data subjects
We collect data from the following group of subjects:
- Employees (e.g. employees, applicants, former employees).
- Partners (e.g. business partners)
- Interested persons.
- Communication partner.
- Users (e.g. website visitors, users of online services).
How do we collect your data?
You directly provide us with most of the data we collect. We collect data and process data when you:
- Register online or place an order for any of our products or services.
- Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
- Use or view our website via your browser’s cookies.
- Devices information through synchronization with CMS.
User registration in the System is limited to a minimum set of personal data:
- User login (unique over the System) with the minimum length of at least 6 characters in the basic configuration.
- User password with the minimum length of 6 characters in the basic configuration. For security reasons, user passwords are stored using cryptographic hash function, meaning that the System doesn’t have access to the original passwords and will be only able to generate a new password via a secure password reset procedure initiated by an authorized user.
- Email address for user verification, receiving service messages consented by user on the personal account page and secure password reset procedure.
- Phone number to verify individuals and to communicate with, in case of necessity.
Handling Your Data
How will we use your data?
We collect your data so that we can:
- Process your order and manage your account.
- Email you with special offers on other products and services we think you might like.
- Ask for feedback or surveys.
- Understand consumer interest and behaviour.
- Build profiles of consumers.
- Test and improve safety measures.
- Make remarketing.
- Track account usage and returning customers.
- Build new campaigns and benefits for you.
- Manage and answer your inquiries.
- Form groups of target customers.
When we process your order, it may send your data to, and also use the resulting information from, credit reference agencies to prevent fraudulent purchases.
How do we store your data?
We securely store your data in our servers with strict control and limited access to Partner Supervisors and users.
The System provides work with the data through query objects, controlling and preventing known or potential attack vectors on authorization process or unauthorized access to individual data tables.
For isolation, data is stored in different database tables, depending on the corresponding information sensitivity level:
- Username, date of birth, city and language
- User login
- Results of the cryptographic hash function from user password.
To increase the existing level of security, individual tables containing personal user data may be securely relocated to third-party servers, performing on an equal or higher level of data security.
To prevent unauthorized access to user accounts the System is monitoring and recording the number of failed authorization attempts for each individual user account. If the System algorithms detects exceeding of failed authorization attempts, the user account could be temporarily blocked and the user will be immediately notified using consented communication channels.
SSL & TLS encryption: All network communications with the Server are done using cryptographic protocols. SSL encryption is shown as the “https” prefix in the address bar of your browser.
Who can access your data?
Accessibility to personal data by other users within the System:
The System operating process is based on the hierarchical user role models with the sets of access rights and permissions. Any attempts of unauthorized access or exceeding the limits based on user role are recorded by the System.
Super admin user role has an exclusive number of user rights to view the data of all registered users in the System, except personal data hidden by users via visibility flags in the corresponding data field.
Supervisor user role has access to users registered in the System as employees of the same Partner. Registration of partner employees is one of the permitted rights of the partner Supervisor user role. However, Supervisor doesn’t have access to sensitive personal user data, like existing or newly generated system passwords, as well as data hidden by users via visibility flags in the corresponding data field.
Usage of the personal user data:
In addition to the hierarchical user role models, user’s activity in the System is strictly limited by affiliation of the user and partner (organization, represented by this user) limiting access to any other sensitive data.
All activity of a user in the System is separated between Partners, limiting access to view, delete or transform any data of other Partners, Users or third parties authorized in the System.
Personal data of the users are not shown in web pages within the System other than account details which is accessible only to that user (except above-described Super Admin and Supervisor roles). Available pages of the System give users an access only to technical and service information for operations of partner devices and the creation or displaying information on content owned by the same partner.
We would like to send you information about products and services of ours that we think you might like.
If you have agreed to receive marketing, you may always opt out at a later date.
You have the right at any time to stop us from contacting you for marketing purposes.
If you no longer wish to be contacted for marketing purposes, please write to email@example.com
What are your data protection rights?
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access – You have the right to request us for copies of your personal data. We may charge you a small fee for this service.
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
- The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org , we have one month to respond to you.
Advixta application on the device uses the device’s camera for face detection purposes. The face detection functionality is provided by Google FaceDetector API as a default Android Operating System function. Our application does not store the image captured from the camera.
Journals are SQLite files generated by the application on your device. It collects a chronological set of events taking place in the application during its usage for the purpose of analysis, reporting and diagnosis.
Journals do not include any personal information (such as name, surname, address, email, telephone etc.) or payment details (such as credit card, address, bank account etc.). The information recorded in journals are only event based and includes technical details about device, location, advertising and content.
How we make journals
Advixta application has 2 states; sleep and awake. When there is no user or viewer in front of the devices, the device goes to sleep after a certain time. This is to save energy and make sure that content and advertising is not played when there is nobody watching. When a person appears in front of the devices, the device detects the viewer by using the front camera and wakes up. On wake up, the device starts the session until the person disappears from the camera or stops using the devices. On the start of each session, the device opens a new journal and records events that are used later for functionality purposes.
What do we write in journals
Here is an example with descriptions of a standard single journal record:
Incremental identification number of local database record
Unix timestamp of event occurrence (GMT)
Unique trip identification string for segregation, or blank if no trip was in progress
ISO 639-1 code of active application UI language
Identification string for layout fragment of event occurrence or name of initiating source
Content item type identification number, or zero if event is not engaged with content, ex.:
1 – Application Basic
2 – Services
10 – Apps Basic
11 – Apps Button
12 – Apps Article
13 – Apps Widget
30 – Media Basic
31 – Media Video
32 – Media Banner
50 – AdMob Basic
51 – AdMob Video
52 – AdMob Banner
Unique identification string for item, or blank if not engaged with content
Uniform resource identificator for item, or blank if not engaged with content
Additional parameters for content item details in JSON Object format
Unique identification string for item parent, or blank if item has no parents. Could also be blank if “item_guid” is empty for non-content events
Partner identification number
Partner’s group identification number
Event type identification number, ex:
10 – Application Start
11 – Application End
12 – Application Interrupted
13 – Application Error
14 – Device Screen On
15 – Device Screen Off
20 – Trip Start
21 – Trip End
30 – Content View Start
31 – Content View End
32 – Content View Interrupted
33 – Content View Error
40 – Interaction Click
41 – Interaction Long Click
50 – Face Present
51 – Face Absent
60 – Web Browser Start
61 – Web Browser End
Additional parameters for event details in JSON Object format
Event occurrence GPS location latitude
Event occurrence GPS location longitude
Event occurrence GPS detected speed
Event occurrence GPS detected accuracy
How do we use journals
We use journals for provision of functions and services that we offer to you in the frame of Advixta purpose, solution and features. Journals of completed sessions are sent to our server for below basic functions. Without collections information and forming journals, below functions would not be possible to perform:
We analyse events during usage of our app to understand the usage of certain functions, advertising and content for the purpose of improving them. In particular, we analyse
- Location – to understand activity and play geolocalized advertising.
- Playing advertising and content – Follow up if the ads and content are playing properly.
- Face detection – To understand if there is any viewer or user.
One of the main purposes of using our solution is to display advertising to you and your clients. By selling advertising you may promise to provide reports to the advertiser. In order to build such reports we need to count
- How many times the advertising has been displayed
- How many times the advertising has been clicked
- How many people have seen them
We also use the journals to detect any errors. If there was any error in playing advertising or content, it is written to the journal and sent back to us. This helps us to understand and correct problems.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
The stored information can include, for example, the language settings on a website, the login status, a shopping cart or the point at which a video was viewed.
For further information, visit www.allaboutcookies.org .
- Keeping you signed in.
- Understanding how you use our website.
- Producing analysis of user visits and revisits.
- Providing additional UI functionality for user experience.
At the end of each session, our application deletes all cookies from the websites visited.
What types of cookies do we use?
There are a number of different types of cookies, however, our website uses:
- Functionality – We use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
- Advertising – We use these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. We sometimes share some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
How to manage cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Cookies placed on your devices by using our application will be deleted automatically on the end of each session.
Privacy policies of other websites
How to contact us
Person in charge for data protection: Vakhtang Gegechkori
Email us at: email@example.com
Relevant legal bases
We process your personal data on the legal basis of the General Data Protection Regulation (GDPR). Please note that in addition to the provisions of the GDPR, the national data protection regulations in your or our country of residence and domicile may apply.
General Data Protection Regulation (GDPR)
We collect and process data in accordance to legal basis of EU Directive 95/46/EC (General Data Protection Regulation)
Federal Act on Data Protection (FADP)
In addition to the General Data Protection Regulation, the Federal Act on Data Protection applies in Switzerland. https://www.admin.ch/opc/en/classified-compilation/19920153/index.html
We take appropriate technical and organizational measures in accordance with the legal requirements.
These measures include, in particular, preventing breaches, ensuring suitable processors, records of processing activities, privacy by design, a strong foundation for ensuring the rights and freedoms of the data subjects.
Also, we have set up procedures that guarantee the deletion of data and watching data breach risk.
Meantime, we also consider protection of personal data when developing or selecting software, hardware and processes in accordance with the principle of data protection, through technology design.
Registration and login
To use our services, each of our Partners , customers and their employees have to register themselves to CMS and create a user account. As part of the registration, the users are provided with the required mandatory information and processed for the purpose of providing the user account on the basis of contractual obligations. The processed data include in particular the login information (name, password and an email address). The data entered during registration are used for the purposes of using the user account and its purpose.
The partner accounts are not public and cannot be indexed by search engines. As part of the registration as well as subsequent registrations and uses of the customer account, we store the customer’s IP addresses and the access times in order to prove the registration and to prevent any misuse of the customer account.
Users can be informed by email about events that are relevant to their user account, such as technical changes. If users wish to terminate their user account, their data with regard to the user account will be deleted, subject to a statutory retention requirement. It is the responsibility of the users to back up their data if the termination is successful before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.
As part of the services to our partners and customers, we record log of user activity for the purpose of follow up and rectifying organizational issues. This data is not public and is provided only to the respective manager of the organization.
CMS registration process requires information such as login name, email and password. It is your responsibility to create a complex password which is unique and not used anywhere else. You are also responsible to keep it safe and not to share with anybody.
Commercial Data Processing
We process the data of our partners and interested parties in scope of End-User Licence Agreement (EULA) and in context of our contractual rights and obligations. We may also collect data from customers of our partner for the purpose of analytics, report and diagnosis.
We also process this data to perform our business, functions and administrative tasks. We may have to pass on the data of the contractual partners to third parties only within the framework of the applicable law whenever it is necessary (e.g. to telecommunication network, transport services, subcontractors, banks, tax and legal advisers, payment service providers or tax authorities).
Whenever such data is required to be passed on, we inform the contracting parties by mentioning by notes in online form or in person.
We delete the data after the expiry of legal obligation, i.e. generally after 4 years, unless the data is attached to a partner or a customer account which is archived for tax or other administrative purposes.
If a customer’s account is terminated, the data relating to the customer account will be deleted, subject to their retention being required for legal reasons. It is the customer’s responsibility to save their data if the customer account is terminated.
We process the data of the users of our apps, hosted services, website and technical support, registered and any test users in order to be able to provide them with our contractual services and on the basis of legitimate interests in order to guarantee the security of our app and to be able to develop it further.
When contacting us (e.g. via contact form, email, telephone or via social media), the details of the inquiring persons are processed, insofar as this is necessary to answer the contact inquiries and any measures requested.
The answering of contact inquiries within the framework of contractual or pre-contractual relationships takes place to fulfill our contractual obligations or to answer (pre) contractual inquiries and, moreover, on the basis of the legitimate interests in answering the inquiries.
Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as their consent for processing is revoked or other permits no longer apply (e.g. if the purpose of processing this data has ceased to apply or if it is not necessary for the purpose).
If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax law reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.
Further information on the deletion of personal data can also be provided in the context of the individual data protection information in this data protection declaration.
Should you need more information, please contact firstname.lastname@example.org