Effective April 26, 2019
Katalys cares about how end user data is collected, used, and shared. We are a “data processor” that collects and analyzes end user data at the specific request of our clients, the “data controllers”.
Katalys Platform and Data Pledge
Katalys is the leading partner marketing platform, used by the world’s top mobile and desktop advertisers and networks to measure and manage their online advertising relationships. Clients use Katalys to assess the effectiveness of their partner relationships and act on those results.
Pursuant to the Katalys Data Pledge, our clients determine the data that they provide to and collect through Katalys. Clients’ use, collection, exportation, or any other use of end user data is governed by their own privacy policies and applicable laws, rules, or regulations.
What Information Does Katalys Collect From Clients?
At the direction of our clients, who act as data controllers, Katalys collects the following types of information from end users to help clients measure and manage their marketing partner relationships:
- Ad Identifiers (unique character strings associated with user devices that help monitor and measure user interactions with advertisements and apps, such as Apple’s IDFA and Google Ad ID; Ad Identifiers may be reset by the user)
- IP address
- Pixel tags
- Imprecise geographic location data derived from IP address and/or wifi networks
Our clients may also choose to share certain account information for both clients and their partners on the Katalys Platform. This may include corporate and employee information necessary to maintain the services and up-to-date contact information, including: name, mailing and/or billing address, email address, company name, website url, user name, password, and phone number. Clients using Katalys to manage payouts to their partners may also choose to share certain banking information as necessary to carry out the services.
Clients can also choose to view and measure information provided by other third-party sources in the Katalys Platform. Those sources may include advertisers, publishers, marketing partners, and other advertising networks and analytics partners. Marketing partners may sign up with advertisers through the Katalys Platform or through their own customer website. Marketing partner information provided to our advertiser clients may be used by Katalys for fraud prevention purposes and to fulfill contractual requirements with our advertisers.
Clients own the data that they provide to and collect through the Katalys Platform. When clients remove or export their data from the Katalys Platform, their use of data is governed by their own privacy policies and applicable laws, rules, or regulations. Katalys serves as a data processor, acting at the direction of our data controller clients. Specific fields that likely contain personal data, such as IP address or device ID, may be obfuscated or blanked, respectively, by the Katalys client. Additional information on how we categorize and treat data is available here.
What Information Does Katalys Collect On the Websites From End Users?
When you visit the Websites, Katalys collects information about your device and use of the Websites to understand how to improve its Websites. Katalys also collects any information you voluntarily provide when you visit the Websites to learn more about Katalys and its products, sign up for Katalys services, or apply for employment at Katalys. The type of information collected will depend on your request and interaction with the Websites. Categories of information may include specific times of day you accessed the Websites, the IP address of the device you used to access the Websites, the pages on the Websites that you viewed, the pages you visited before navigating to the Website(s), and information about the device you use to access the Websites, including hardware model, operating system and version, and browser.
Katalys uses the information collected on the Websites for various purposes, including:
- Ensuring its Websites remain relevant to end user needs and are easy to use by providing analytics and other data regarding use of our Websites.
- Sending marketing and promotional communications in compliance with applicable laws.
- Enhancing, improving, or modifying its Websites and services, enhancing security, or combating spam or malware or other security risks.
- Providing confirmations, invoices, technical notices, updates, security alerts, and other support and administrative messages.
How Do Clients Use Katalys To Collect Information From Users?
Clients may use Katalys for pixel or server postback tracking to collect certain performance marketing information about end users. Pixel tracking (also called “cookie-based tracking” or “client-side tracking”) methods store a Katalys session identifier in a user’s browser cookie on click. In postback tracking (also called “server-side tracking”), Katalys directly sends a session identifier to the advertiser on click. On conversion, the advertiser then communicates that identifier to Katalys for validation.
Katalys also supports server-to-server measurement for some clients. With any of the mentioned methods, when an end user clicks on an advertisement and goes to a specific web page or mobile app action that a client chooses to measure, Katalys collects information from the user’s device, including but not limited to IP address and ad identifiers.
How May Clients Use Katalys To Process Information From End Users?
- Measuring performance of ad campaigns, including creation of customized performance reports
- Measuring performance of various marketing partners selected by the client
- Serving ads through Katalys using data that does not personally identify users
- Managing relationships with marketing partners, including payouts on measured conversions and establishing automated workflows to establishing advertising offers
In Which Instances Might Katalys Share End User Data With Third Parties?
- With third party service providers who work for us and need access to your information to do their work on our behalf, such as providing customer support features, processing payments, and storing data (e.g. Amazon Web Services). All such third-party vendors have agreed to protect the confidentiality of information provided by Katalys.
- If required to do so by law, such as to comply with a subpoena or court order, or in the good-faith belief that such action is reasonably necessary to protect our rights, protect your safety or the safety of others, prevent fraudulent, malicious, or unlawful activity, investigate fraud, or respond to a government request.
- As part of any merger, acquisition, debt financing, or sale of company assets or other event in which information could be transferred to third parties as one of the business assets of the company.
We may also share aggregated or anonymized information in a form that does not directly identify you or any end users with any third parties.
End User Choice, Opt Outs, and Disabling Cookies and Advertising Identifiers
End users can disable cookies in most internet browsers. An overview of the process is available here. Disabling cookies will not, however, stop receipt of all advertisements. If an end user would like to opt out of a particular ad network, publisher, or advertiser’s ads, they will need to contact those companies directly to inquire whether they have an opt-out option.End users can also disable collection of Ad Identifiers for targeted advertising by enabling the Limit Ad Tracking setting on their smartphone. End users can also reset the Ad Identifier altogether using their smartphone’s privacy settings. Katalys collects data on behalf of its business clients, and is not an end user facing company. Nonetheless, Katalys provides end user data rights guidance at https://optoutmobile.com.
Learn more about how to control your data via our third party partners’ relevant privacy documentation regarding end user rights: Pendo, Intercom, Marketo, Zendesk, NetSuite by Oracle, SalesForce, Google Analytics, LiveChat, TransferWise, and Inspectlet.
If you no longer wish to receive Katalys publications (e.g. newsletters, blog digests), you may opt out using the unsubscribe link located at the bottom of each communication or by updating your preferences here. If you opt out, we may still send you non-promotional communications, such as those about your account or our ongoing business relations. We will respond to your opt out request to access within a reasonable timeframe.
Local Shared Objects (Flash Cookies) and Local Storage (HTML5) Opt Out
Third parties with whom we partner may use local shared objects (flash cookies), and we and our third parties use local storage (HTML5) to provide certain features on our Websites, to display advertising based on your web browsing activity, and to store content information and preferences. Various browsers may offer their own management tools for removing HTML 5. To manage Flash cookies, please click here.
Katalys (formerly known as HasOffers) is a participant of the Google Third Party Serving Compatibility Program. Clients that choose to advertise with Google must abide by Google’s Third-Party Ad Serving Policy available at https://support.google.com/adspolicy/answer/94230, as well as privacy principles to which Katalys ascribes, including with regard to data collection, functional cookie opt-outs, and ad identifier tracking.
How Does Katalys Adhere to GDPR Principles?
Katalys serves as a data processor under GDPR, and adheres to the principles and rules of GDPR. Specifically, Katalys implements privacy by design and default principles, ensures limited data retention protocols, adheres to incident response norms, allows for appropriate third party audits, ensures data is only transferred internationally with a lawful basis, only contracts with subprocessors with adequate written commitments to data processing, respects data subject rights, does not process sensitive personal data, and provides data processing agreements to all appropriate clients and partners. (In addition to GDPR, Katalys respects and adheres to similar data privacy laws in other jurisdictions, such as the California Consumer Privacy Act.)
To end users who access the Websites: Katalys retains your information for as long as your account is active or as needed to provide you Katalys services. Katalys applies data retention rules to abide by data minimization principles; such rules are outlined at the of Katalys’s secure data support document available here. In most cases, reliance on Katalys’s existing data retention rules will satisfy the end user request within a reasonable period of time. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is required or permitted by law.
Data Retention, Use, Access, Corrections, and Removal
Katalys retains your information for as long as your account is active or as needed to provide you Katalys services. Katalys applies data retention rules to abide by data minimization principles; such rules are outlined at the end of Katalys’s secure data support document available here. In most cases, reliance on Katalys’s existing data retention rules will satisfy the end user request within a reasonable period of time. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is required or permitted by law and helpful for the service to function properly.
Under GDPR, you have the right as a data controller to:
- Request information about the processing of your data, as well as the receipt of a copy of your personal data. You can request information on the purposes of the processing, the categories of personal data being processed, the recipients of the data (if they are passed on), the duration of the storage or the criteria for determining the duration.
- Correct your data. Should your personal data be incomplete, you have the right to complete the data, taking into account the processing purposes.
- Delete or block your data. Reasons for the existence of a cancellation/blocking right can be, among others, the revocation of the consent on which the processing is based, the data subject objects to the processing, the personal data were processed unlawfully.
- Restrict the processing.
- Object to the processing of your data.
- Revoke your consent to the processing of your data in the future.
- Complain to the competent supervisory authority about inadmissible data processing.
If you wish to access, amend, correct, remove, or limit use of your information as it is used for access to the Websites, update your preferences here. For information on Katalys’s approach to and preparation for GDPR, please CLICK HERE.
Your data will be processed on the following legal bases:
- Your consent to data controllers in accordance with Art. 6 (1)(a) GDPR;
- For the performance of a contract with you in accordance with Art. 6 (1)(b) GDPR;
- For the fulfilment of statutory obligations in accordance with Art. 6 (1)(c) GDPR; or
- From a legitimate interest in accordance with Art. 6 (1)(f) GDPR (and, to the extent we base the processing of your personal data on legitimate interests, such data will only be sued to improve or carry our services, protect against misuse or fraud, and maintain statistical integrity with business partners and customers).
EU To U.S. Data Transfers
Katalys has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. See Katalys’s Privacy Shield Statement here. To learn more about Privacy Shield, please visit www.privacyshield.gov.
In the process of providing services to you, we may transfer information that we collect to affiliated entities, or to other third parties across borders from your country or jurisdiction to other countries or jurisdictions around the world. By using the Websites or signing up for an account with Katalys, you consent to the transfer of your information to the United States.
Katalys uses commercially reasonable efforts, including a variety of security technologies and procedures, to help protect client and end user data from unauthorized access, use, or disclosure, both during transmission and once it is received.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge to you) at https://feedback-form.truste.com/watchdog/request.
2200 Western Ave., Suite 200
Seattle WA, 98121
CEO: Peter Hamilton
Katalys has also appointed an external ePrivacy GmbH as its external Data Protection Officer. For all requests concerning the security of your data, you can contact our data protection officer at “[email protected].” If you have a particularly sensitive request, please contact our data protection officer by postal mail (available below).
External Data Protection Officer
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg