Close icon to exit the modal
Search icon

Publift’s Joint Controllers, Processors and Sub-Processors

Current as at 16 August 2024

As at the date of this list, Publift’s joint controller, processor and sub-processor partners include:
Publift’s Ad Network Partners
Partner GDPR role (joint controller; processor; controller) Services include Regions of processing include Personal data includes Time data may be processed for (retention and deletion)? Nature and purpose of the processing include Obligations to keep data secure Data breach notification requirements and handling of regulatory requests Handling of data subject requests and rights Data transferred outside of EU? If so, what mechanisms and protections are in place? Privacy Notice
AppMonet (dba “Adapt MX”) Separate controllers Programmatic advertising services US Device data
Bid request data

Including: anonymous data and technical information including but not limited to cookies and beacon data, metadata, usage data, geo-location data, and streaming data, with regard to the devices and systems used to access the Publift’s content and Publift’s advertising and the activities, preferences and attributes of the users of the Publift’s content and the Publift’s advertising content.
90 days. To provide, manage, maintain, and improve its services (including disclosure of impression-level information to other relevant parties).To provide and improve its services and provide related support, understand how a user interacts with the content and sites, preventing fraud, and customize a user’s experience. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. See here
Index Exchange Processor of publisher data; controller of Index Exchange data Programmatic advertising services EEA

Asia

North America
Device data
Bid request data

Including: ad response data, bid request data, bid response data, data regarding the advertising campaign of a client, location data based upon an IP address, cookie data, device IDs, any hashed identity tokens and data provided by Index Exchange, Demand Side Platforms, or clients.
Up to 5 years. Process personal data to provide platform services when it is permitted by law and supported by a valid legal justification. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. See here
Magnite (Formerly Rubicon) Controller Programmatic advertising services EEA

North America

UK

Australia

Asia

South America
Device data
Bid request data


Including:
• usage information
• log information
• device information
• location information
• internet service provider
• deidentified information (encrypted or hashed email addresses)
• derived information.
As long as is necessary for the purpose(s) for which it was originally collected, or for other legitimate business purposes.Some data typically stored for up to 90 days before it is anonymized and aggregated. Collect to enable clients to offer and buy advertising opportunities; to operate and improve technology; to compile statistics and conduct research and development; to prepare reports of visitor activity; to enable standard advertising controls; to analyze and report on ad performance, campaign reporting, and campaign forecasting; to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.To deliver end users targeted advertising; to create profiles of end users for targeted advertising; to create audience segments. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. See here
OpenX Controller Programmatic advertising services EEA

North America
Device data
Bid request data

Including: unique online identifiers, online and offline activity and interests, geolocation information, browser, device and service information, ad reporting and delivery information.
For a maximum of 90 days from the last date it was received. To facilitate non-interest based advertising;to facilitate interest-based advertising;to understand activities and preferences; to measure ad performance; to build and improve products, features and models. Materially in accordance with applicable GDPR laws. Materially in accordance with applicable GDPR laws. Materially in accordance with applicable GDPR laws. Materially in accordance with applicable GDPR laws. See here
Teads Controller Programmatic advertising services EEA

Africa

Asia

Australia

UK

North America

South America
Device data
Bid request data

Including: cookie ID; mobile advertising ID; IP address; approx post code; page URL; date and time interacted with ad; browser information; device information; network type or carrier information.
Cookie ID is stored in the browser for 365 days after its creation. Records of activities linked to the cookie ID are stored in the database for 4 months.

Other information such as mobile advertising ID, IP address; approximate postcode; page URL; interactions; date and time; browser information; device information; network type: 4 months.
Collect, use, analyze and process partner data: (i) to perform an agreement; (ii) as part of its business operations, to operate, manage, test, maintain and enhance the technology, service, platform and other products, programs and/or service, including as part of its re/targeting capabilities, to serve interest based ads to users, to combine the partner data with other sourced data; and to share the partner data with its buyers partners. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. See here
Criteo Co-data controller Programmatic advertising services EEA Device data
Bid request data

Including: non-identifying data to improve the Criteo Technology and other Criteo products, programs, and/or services. This non-identifying data may include on-site user behavior and user/page content data, URLs, statistics, or internal search queries.
Technical data collected for up to 13 months from the date of collection, and expires 13 months after they are last updated.

Opt-out cookie expires after five years.
Display personalised advertising

Display contextual advertising

Sales matching/attribution

Fraud prevention/fight against fraud/IVT

Data model training

Billing

Reporting

Incident resolution
In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. See here
Equativ (fka Smart AdServer) Processor

Controller of Personal Data Processed through certain cookies and processing of Data Subject’s IP address for the purpose of ensuring security, preventing fraud and debugging.
Programmatic advertising services EEA

North America
Device data
Bid request data
Including:
• IP address;
• Server ID;
• Browser ID, OS ID, screen size;
• ISP ID, postal code, phone prefix, country, region, city, DMA zone ID;
• Timestamp, longitude, latitude, connection type;
• Keywords associated with user;
• Timestamp of last visit.
Duration of the Agreement To perform Smart Ad Server’s Services to Publift (including providing, operating, managing, maintaining Smart Adserver’s Platform);

• To perform contextual and/or interest-based advertising;

• To perform optimization in respect to a campaign, including to limit the number of times a Data Subject sees a particular ad;

• To show ads related to the content of the concerned web page;

• To report aggregated statistics.
In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. See here
Sharethrough (formerly District M) Controller Programmatic advertising services EEA

North America

Asia
Device data
Bid request data
Including: cookie identifiers, third party online identifiers, mobile device identifiers, browser and device information, IP addresses.
In accordance with each Party’s data retention policy, and only for the time period necessary to deliver each Party’s Services pursuant to the Terms of Service. For the purposes of delivering personalized advertising to the Data Subject pursuant to the Terms of Service. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. See here
ConnectAd ConnectAd is processor; Publift is controller Programmatic advertising services EEA Device data
Including: IP (for the time of processing) and cookie ID
30 days, extended on each user contact with a proper TCF consent. Following the IAB TCF Framework (nature and purpose depend on the consent and purpose granted). In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. In accordance with applicable GDPR laws. See here

Are you ready to power-up?

Get started