We provide advertising campaigns to our clients and, therefore, take responsibility for the processing of personal data. We assume the role of data controller under the General Data Protection Regulation (GDPR) and ensure compliance with the requirements set forth by the regulation. This means that we do not process personal data on behalf of our clients and do not act as a "data processor" under the GDPR.


We design our processing with attention to privacy options. The GDPR requires us to process personal data while taking into account principles such as privacy-by-default and privacy-by-design. This ensures that personal data is not unnecessarily collected or shared. We have even structured our system in a way that we do not have access to copies of data but instead rely on specialized third-party providers.

As a precautionary measure, we conduct a Data Protection Impact Assessment for campaigns in all segments. This allows us to ensure that we have sufficient knowledge of the target audience and its risks and can minimize potential risks. We also require our clients to agree to the DPIA before starting a campaign.