Effective date: May 1, 2023

BidMind is an omnichannel programmatic advertising platform delivering ads across digital out-of-home (DOOH), digital audio, connected TV (CTV/OTT), mobile, and desktop. We help brands and agencies launch data driven campaigns and offer a suite of industry leading targeting capabilities. BidMind is available as both a self-service and managed service platform.

This privacy policy (“Privacy Policy”) explains how GDM Services, Inc. d/b/a Bidmind (“Bidmind”, “we”) collects, uses, and discloses information about you through its digital advertising technology platform (the “Platform”). If you are interested in learning how we collect, use, and disclose information through other corporate activities, such as on our corporate website, bidmind.com, and learning how to exercise applicable privacy rights related to such information, please click here.

THE PERSONAL DATA WE COLLECT VIA THE PLATFORM

Bidmind collects certain personal data while delivering ads via the Platform. We do not intentionally collect directly identifiable data such as your name, address, phone number, or any government identifiers such as your Social Security Number, unless you provide such personal data in connection with any request that you make directly to Bidmind. Bidmind identifies you by means of personal data related to your computer or device using cookies and other similar technologies, as explained below.

Bidmind buys web, mobile, DOOH and CTV/OTT advertising space on behalf of our clients which are generally product owners or mobile/CTV application providers and companies looking to advertise via web, mobile/CTV applications or OTT or DOOH content (“Clients”).

As stated herein, our Clients, our contractors, and our Clients’ contractors may use our technology and operate it using tags, pixels, cookies, or other similar technologies for their business activities. We are not responsible for our Clients, or our Clients’ contractors manner of use of your personal information or any sort of tracking technologies.

When we receive a Bid Request Data or Audiences (as defined below) , Bidmind servers may receive and store an advertising identifier (“Advertising ID”) or device identifier (“Device ID”), either of them is a pseudonymous number that is associated with user of our Client (further “User”, “you”, “your”) mobile or CTV device. Bidmind cannot use the Advertising/Device ID to identify User personally, but it does enable us to deliver relevant advertising to each mobile or CTV device. In addition to the Advertising/Device ID, we collect Impression Data (as defined below), or a notification about the very fact of displaying an ad or clicking on an ad with additional parameters, information about the kind of mobile/CTV device User uses (e.g., iPhone, Samsung, Roku etc.), the operating system of User’s mobile device (e.g., Android, iOS, Fire OS etc.), IP address, websites User may be visiting, content that User may be watching through video streaming CTV/OTT applications, the applications User downloads from Clients of Bidmind, when, how, and how often User uses those applications. The aforementioned data may be associated by us with Advertising ID.

Bid Request Data

Bidmind may collect your personal data in process of receiving information about possible advertising space from our supply partners (SSP) (“Bid Request Data”). Bid Request Data may include your Internet Protocol (“IP”) address, which include your imprecise location (e.g., country, region, postal or zip code), browser type (e.g., Chrome or Internet Explorer); operating system (e.g., Mac OS or Windows); browser language (e.g., English or Spanish) and Carrier or Internet Service Provider. It also may include IDs that our partners assign to your browser or device or your precise location (latitude & longitude) if you have given us your consent to process such data type.

Impression Data:

We collect additional data when we deliver an ad on behalf of our Clients (“Impression Data”). Impression Data includes elements from (and derived from) Bid Request Data, campaign information and bidding information (e.g., website category, number of pages browsed, click event, Application ID, video metrics, page URL, connected device ID, timestamp and connection speed etc.).

In some cases, based on data we collect ourselves, or receive from our Clients or data partners (e.g. Audiences as defined below), we infer within a reasonable probability that another browser or device should be associated with the same Adverting/Device ID. Where we are able to associate more than one browser or device with the same Advertising/Device ID, we use this information on behalf of our Clients to deliver tailored ads to you across multiple browsers or devices. The Advertising ID can be a cookie ID (a unique ID assigned randomly by Bidmind to an unrecognized browser), a mobile advertising ID (a unique ID assigned by the mobile operating system, e.g., Apple ID for Advertising or Android Advertising ID), an Identifier for Advertising (IFA) on OTT platforms (a unique ID assigned by an OTT TV provider, e.g., Roku ID for Advertising).

We participate in the IAB Europe Transparency & Consent Framework and comply with its Specifications and Policies. GDM Services, Inc. identification number within the framework is 455.

Please note, that our Clients may use our services to process some sensitive information, which may come from our Clients’ websites and may be processed through our technology without our awareness or control of thereof.

HOW WE COLLECT PERSONAL DATA ON THE PLATFORM

Bidmind collects personal data using cookies and other technologies allowed to receive information automatically from your device, including:

• Cookies. Cookies are small text files that usually include a unique identifier and are placed on a User’s device or computer. We use cookies on our Clients’ websites in order to operate our technology and collect User’s information and statistically analyze advertisement preferences. We also may receive personal data from third-party partners that allows them and/or us to associate or match the Advertising ID with those partners’ identifiers (through a process called “Cookie Syncing”) as well as personal data that associates your different devices with each other.
• Pixels. Pixels are transparent images, iFrames, JavaScript or SDKs that we, our Clients, and our partners use to understand how Users interact with online or offline properties.
• Audiences. Audiences are personal data that were collected (i) from the Client’s advertising campaigns through the Platform (from impressions, clicks, installs or post-install events in the application (mobile STV or web); or (ii) outside the Platform and imported into the Platform by our Clients or under the contracts with the third-party service providers, to use for advertising purposes. In some cases, by agreement with the Client, we may place a pixel on the Client’s (or clients’ of our Clients) websites in order to collect data from Users with the further build the audiences. Audiences, which already contained Advertising IDs or IPs and some anonymized features of subjects (such as demographic financial or behavioural characteristics etc.), allow us to associate or match them with identifiers of personal data obtained from our Clients or the third-party service providers, and associate your different devices with each other, as well as obtain personal data regarding video content that you view through video streaming CTV/OTT applications . Before our Clients or the third-party service providers transmit this offline data to Bidmind, names and other directly identifying information are removed and replaced with an Advertising ID.

The sources of Bid Request Data and Impression Data are your browser or device and media supply sources, such as publishers (i.e. organizations who operate digital properties) and exchanges or supply-side platforms (i.e. organizations who display ads on publishers’ digital properties).

HOW WE USE PERSONAL DATA ON THE PLATFORM

The information that we collect about you, both personally identifiable information and non-personally identifiable information, may be used by us, or shared by us as set forth in this Section or otherwise with your consent.

The collected information will be handled for standard cases of web / mobile / CTV / DOOH advertising use: brand targeting; campaign operations; delivering ads, including ads based on your inferred interests; brand measurement; performance attribution and optimization on the Platform.

• We use User’s device Advertising/Device ID and other information about Client applications User downloads or Client websites User visits to help our Clients understand which ads are most effective at generating downloads of our Client’s applications or at achieving other goals defined by Client. We also use User’s Advertising/Device ID and the information associated with User’s device Advertising/Device ID over time (e.g., the applications you download, when and how you use those applications, and any publisher-provided demographic data) to enhance our services and to select Bidmind Clients’ ads that are most likely to be of interest to User.

• Bidmind may use agents and contractors in order to provide our services to Clients. For the avoidance of doubts, if such agents and contractors have access to User’s Advertising/Device ID and/or the information associated with User’s Advertising/Device ID, they are required to protect this information in a manner that is consistent with this Privacy Policy by, for example, not using the information for any purpose other than to carry out the services they are performing for Bidmind.

• We may aggregate User’s data with other users’ data in non-personally identifiable, aggregated, and de-identified form to better optimize marketing campaigns and to improve our Site or service. We may also share this de-identified aggregate data publicly, for example, in order to provide analytical summaries.

• If we or our affiliates are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale or company assets, or transition of service to another provider, then any information may be sold or transferred as part of such a transaction as permitted by law and/or relevant agreement.

• If necessary, we use User information to protect users, investigate security breaches, and to prevent all illegal activities within our systems.

Automated decision-making and profiling

Bidmind applies special algorithms on the Platform in order to make automated decisions about expediency to bid on opportunities to serve you ads on behalf of a Client and, if so, a rational sum of the bid. The ads you see are the result of Client campaigns that specify how much to spend and on what basis to spend combined with the use of our algorithms. The ways in which we use algorithms to determine bid prices may be considered automated decision-making in certain jurisdictions. Additionally, these processes, in combination with Client campaigns, may constitute profiling in certain jurisdictions.

WITH WHOM WE SHARE YOUR INFORMATION

We do not share your personal information with others, except as indicated below, or when we inform you and give you an opportunity to opt out of having your personal information shared. We may share personal information with:

• Authorized service providers: We may share your personal information with our authorized service providers that perform certain services on our behalf and in accordance with our instructions. These service providers may act as advertising networks, data analytics providers, media platforms, brands, social networks, consumer data resellers, distribution partners. These service providers may have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purposes. Service providers are contractually prohibited from using the personal information for purposes outside of our instruction. This may include, for instance, providers involved in tech or customer support, operations, web or data hosting, security, marketing, data management, validation, or otherwise assisting us to provide, develop, maintain and improve our services.

• Other Situations: We also may disclose your information:

o In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.

o When we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce Bidmind terms and conditions or other agreements or policies.

o In connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

Any third parties to whom we may disclose personal information may have their own privacy policies which describe how they use and disclose personal information. Those policies will govern use, handling and disclosure of your personal information once we have shared it with those third parties as described in this Privacy Policy.

CCPA, VCDPA, CPA and CTDPA

Beginning January 1, 2020, the California Consumer Privacy Act (“CCPA”) (as augmented and amended by the California Privacy Rights Act, or “CPRA” (California Civil Code Section 1798.100 et seq.)) gives California residents certain rights with respect to the processing of personal data. Under CCPA, “Personal Information” is defined as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with California consumers or households.

This supplement provides additional privacy disclosures and details additional rights and should be read in conjunction with our Privacy Policy.

The California Code of Regulations defines a “resident” as:

(1) every individual who is in the State of California for other than a temporary or transitory purpose, and

(2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

All other individuals are defined as “non-residents.”

Please note that if you wish to exercise any of your rights with any of Bidmind’s Clients, you must make your request directly to those Bidmind Clients, based on information and procedures that they supply.

Information we have collected

For the purposes of the CCPA, the above-described personal information collected can be classified as follows:

• Identifiers (such as an online identifier like Advertising/Device ID or an Internet Protocol (IP) address);
• Internet or other electronic network activity information (such as the browsing history, search history, and information regarding to interaction with Clients’ digital properties),
• Geolocation data inferences.

Information We Have Sold Or Shared

We will share the information collected about you as described above for various business purposes, with service providers and with third parties, including our Clients. The table below describes how and with whom we share or disclose personal information, and whether we believe we have sold or shared a particular category of information in the prior 12 months.

Our Business Purposes for Collecting and Sharing Personal Information

The main business purpose to collect and share personal information is serving advertising, analytics, attribution, and reporting. For more details, please go to the Section “How we use personal data on the Platform”.

When We Act as a Service Provider/Processor

We may receive, handle and process personal information on behalf of our Clients, in order to provide services to those Clients. This may include, for instance, information about our Clients’ users or prospective users, or about other users our clients have interacted with. This is information we access as a “processor” or “service provider.” This information is not owned by Bidmind, and thus is not subject to the processes or choices described in this or related policies. To exercise your rights with respect to that information, you must contact whichever company or organization is the “controller” or “business” that holds it.

Sensitive Information under CCPA

Bidmind collects the following type of your “sensitive information”: the precise geolocation. We use the sensitive information in accordance with the Section “How we use personal data on the Platform” above. We don’t use your sensitive information in any other purposes not outlined herein. If we will need to use additional pieces of the sensitive information in order to provide our services or for any other purposes, we will ask your consent to do so.

Rights Of California Residents

If you are a California resident (as defined above), you have the right to:

1. Right to Access. Under the CCPA, you have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months or for the all time, and ask that we provide you with the following information:
   • Categories of and specific pieces of personal information we have collected about you;
   • Categories of sources from which we collect personal information;
   • Purposes for collecting personal information;
   • Categories of third parties with which we share personal information;
   • Categories of personal information disclosed about you for a business purpose. As well as, if applicable, categories of personal information sold and/or shared about you and the categories of third parties to which the personal information was sold and/or shared, by category or categories of personal information for each third party to which the personal information was sold and/or shared.

2. Right to Correct Inaccurate Personal Information. If you have reason to believe that Bidmind maintains inaccurate personal information, you have the right to request Bidmind to correct your inaccurate personal information. To do this, you need to make a verifiable consumer request through communication channels mentioned below.

3. Right to be Forgotten. You have the right to request that Bidmind delete any personal information it has collected or maintains about you, subject to certain exceptions for business purposes outlined in the applicable law. Once Bidmind receives and confirms your verifiable consumer request, Bidmind will delete your personal information from its records, unless an exception applies.

4. Right to Non-Discrimination. You have the right to non-discrimination if you exercise any of your rights under the CCPA. If you exercise your rights under the CCPA, Bidmind, pertaining to its good and services, will not do any of the following: (a) deny you any goods or services; (b) charge you a different price or rate for goods or services, including through the use of discounts or other benefits or imposing penalties; (c) provide to you a different level or quality of goods or services; or (d) suggest to you that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

5. Right to Opt-Out. You have the right to direct Bidmind to not sell or share your personal information to third parties at any time.

Exercising Your Rights

How to exercise your rights please read in the section “REQUEST FOR EXERCISE OF RIGHTS” below.

California Consumers under 16 Years Old

As of the effective date of this policy, we do not have actual knowledge that we sell or use personal data of consumers under 16 years of age for targeted or cross-contextual behavioral advertising (“share”). If we collect personal data that we know is from a child under 16 years old in the future, we will not “sell” or “share” that information unless we receive affirmative permission, in compliance with applicable data protection laws, to do so. If a child is between 13 and 16 years of age, the child may provide that permission.

If you wish to request further information about our compliance with these requirements, or have questions or concerns about our privacy practices and policies, please use the Contact Us information provided below.

Virginia, Colorado and Connecticut Consumer Privacy Rights

If you are a resident of the State of Virginia, Colorado or Connecticut subject to certain exceptions, you have certain data protection rights as defined by the Virginia Consumer Data Protection Act (“VCDPA”), Colorado Privacy Act (“CPA”) or The Connecticut Data Privacy Act (“CTDPA”) respectively. Bidmind aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal information.

Upon the request you may realize your following rights:

1. To confirm whether or not Bidmind is processing your personal data and to access such personal data;

2. To correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing;

3. To delete personal data provided by or obtained about you;

4. To obtain a copy of your personal data that the you previously provided to Bidmind in a portable and, to the extent technically feasible, readily usable format;

5. To opt out of the processing of the personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects for you.

Bidmind may use your personal data to facilitate the delivery of targeted advertising, as defined by the applicable privacy laws, to you. You can always opt-out of the serving of targeted advertising by Bidmind by clicking here.

Once we receive your request, we stop using your personal data for targeted advertising, unless you later allow us to do so.

Residents of Virginia Colorado and Connecticut have the right to opt-out of “sale” of its personal data as well as profiling done in furtherance of decisions that produce legal or similarly significant effects, as defined by the applicable privacy laws. You may read how to do it in the Section “REQUEST FOR EXERCISE OF RIGHTS”.

Sensitive Personal Data Processing under VCDPA and CTDPA

Bidmind collects the following type of your “sensitive information”: the precise geolocation. We use the sensitive information in accordance with the Section “HOW DO WE USE YOUR INFORMATION” below. The VCDPA and CTDPA requires data controllers to obtain a consumer’s consent before processing their sensitive personal data. Bidmind acts as a processor related to your personal data. During provision of our services, we obtain your consents along with personal data provided to Bidmind by our partners who act as controllers. We don’t use your sensitive information in any other purposes not outlined herein. If we will need to use additional pieces of the sensitive information in order to provide our services or for any other purposes, we will ask your consent to do so. If you wish to opt-out of the use of your Sensitive Personal Data you should contact the relevant controller who collected your data. Following your opt-out on the controller’s side, it provides us with the following request requiring us to stop processing your Sensitive Personal Data and/or delete them, respectively.

Exercising your Rights

How to exercise your rights please read in the section “REQUEST FOR EXERCISE OF RIGHTS” below. In addition to the general procedure, Virginia, Colorado and Connecticut consumers have the right to appeal the decision if Bidmind declines to take action regarding the consumer’s request. To exercise your right to appeal you may (as with other privacy rights) make an appropriate request according to the section “REQUEST FOR EXERCISE OF RIGHTS”.

If the appeal is also denied, under a request, we may provide the consumer with an online mechanism, if available, or other method through which the consumer may contact the Attorney General to submit a complaint.

INFORMATION FOR RESIDENTS OF EUROPEAN COUNTRIES

If you are located in the European Economic Area, the United Kingdom, or Switzerland (the “European Countries”), you have certain rights and protections under applicable law regarding the processing of your “personal data” as defined under applicable law. Some of the personal data that Bidmind maintains on the Platform may constitute “personal data” under these laws.

Role of Bidmind as a Controller or Processor

If you are located in one of the European Countries, Bidmind may act as a “controller” as defined under applicable law when processing your personal data. Bidmind may also act as a “processor” as defined under applicable law to the extent that it processes your personal data on behalf of and at the instruction of another party, for example a Bidmind Client.

Legal Basis for Processing

Bidmind ‘s legal basis for processing your personal data depends upon the specific context in which we collect or use it. We normally rely on our legitimate interests to collect and use personal data, except where our interests are overridden by your data-protection interests or your fundamental rights and freedoms. Our legitimate interests are described in greater detail in the “How we use personal data on the Platform” Section of this policy. These legitimate interests include the operation of our Platform and business and the provision of our online advertising technology services to our Clients as required by our agreements with them.

In some cases, we may rely on your consent which is obtained for us by the operator of the digital properties that use technology that interacts with our Platform. Where we rely on consent to process your personal data, we will obtain such consent in compliance with applicable laws. Where you have given your consent, you have the right to withdraw your consent at any time.

Additionally, we may have a legal obligation to process personal data.

QUESTIONS AND COMPLAINTS

We have assigned a Data Protection Officer (DPO) who may be reached via dpo@bidmind.com.

However, you can also contact and have the right to lodge a complaint with your local Data Protection Authority.

Our EU Representative – according to Art. 27 GDPR:

ePrivacy GmbH

represented by Prof. Dr. Christoph Bauer

Große Bleichen 2120354 Hamburg

Germany

https://www.eprivacy.eu

REQUEST FOR EXERCISE OF RIGHTS

To exercise your rights to know, access, correct and be forgotten described above, please submit a verifiable consumer request to Bidmind by email dpo@bidmind.com.

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with the information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Household Requests

If all the members of a household make a Right to Know or Right to Delete request, we will respond as if the requests are individual requests.

Requests, Generally

Please note, if you have not filled our Site’s forms we will not have enough information about you to verify your Right to Know, Right to Correct and Right to Delete requests, as we do not keep sufficient information necessary to re-identify and link you to a prior visit to the user services where data may have been collected. As such, we will be unable to verify and honor your requests. You may make a verifiable consumer request related to your personal information twice per 12-month period.

Requests Made Through Agents

You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

Opt-out requests

To exercise your rights to opt-out please follow the links below:

Do Not Sell or Share My Personal Information

Opt-out from automated decision-making technology

Limit the Use of My Sensitive Personal Information

You also may submit a verifiable consumer request to Bidmind by email dpo@bidmind.com in order to realize your rights to opt-out if this is available in your jurisdiction.

CONTACT US

GDMServices Inc. D/B/A Bidmind DSP

3500, South DuPont Highway,

Dover, Delaware, 19901,

United States

Email: dpo@bidmind.com