Privacy

Revive Adserver Hosted edition

Privacy and the protection of personal data of individuals are important topics in today’s society.

The team responsible for Revive Adserver Hosted edition have taken great care to design a technical platform and a set of operating procedures to ensure we can live up to the expectations of our subscribers, and the requirements of the relevant legislation and regulations.

Our commitment to privacy

Revive Adserver Hosted edition is a hosting service operated by a company called Aqua Platform.

Contrary to so many other vendors in the ad tech industry, our business model does not rely on collecting, processing, analysing, storing, or selling personal data about users of the internet. Instead, our guiding principle has been Privacy by Default.

We create value by operating servers and networking as efficiently as possible, while still maintaining a high level of service for our subscribers, and by enabling our subscribers to use the software hosted on these facilities to run their advertising businesses. We do not get involved in the business of our subscribers, other than providing the technical infrastructure and the software.

Our technical platform, meaning servers and networking facilities, have been designed to need as little personal data as possible. For example, in order for the staff members of our subscribers to be able to log in on their accounts, we provide usernames and store their e-mail addresses so we can send password reset emails, but we do not collect any other personal data about them. Simply, because we have no need for those.

About Revive Adserver Hosted edition

Who we are

Revive Adserver Hosted edition is a service offered by Aqua Platform, which is a company established in The Netherlands in 2015. The website address is: https://www.aquaplatform.com. More information about us can be found on our Company Details page on this website.

Is this page for me?

Here are some guidelines to determine if this page has information relevant for you.

I'm a member of the public

As a member of the general public, you are more than welcome to continue reading this page, but please keep in mind that we are unable to help you with your questions about your privacy, or the protection of your personal data. We do not collect, process or move your personal data, or at least we do not control those activities.

If you’re concerned about how another business deals with your rights with regard to your personal data, you should contact that business directly, even if you have reason to believe that the business is a client at Revive Adserver Hosted edition.

I'm a client at Revive Adserver Hosted edition

As a client of Revive Adserver Hosted edition, we hope you can benefit from the information we’ve put together on the page below, so that you can better fulfil your own obligations with regard to privacy, the processing of personal data, and data protection in general. And of course: thanks for being our client, we very much value your business!

I'm considering to join Revive Adserver Hosted edition as a subscriber

As part of your research before subscriber, it could be beneficial to study the information below describing how Revive Adserver Hosted edition treats personal data, and how we’ve implemented our commitment to privacy and data protection. And of course, if you like what you see, then please feel free to subscribe and join a long list of loyal subscribers.

GDPR – General Data Protection Regulations

If you work in the digital advertising industry, you must have heard about GDPR by now. So a very brief introduction should be sufficient. Here are a few questions you might have:

What is GDPR?

GDPR is an acronym for “General Data Protection Regulations”, which is a law that was adopted by the European Parliament in the autumn of 2015 and which came into force on May 25, 2016. There was a 24 month implementation period, and as a result the enforcement of GDPR commences on May 25, 2018.

GDPR oversees the collection, processing, and movement, of personal data about individuals residing in one of the 28 EU states and 4 other European states that also adopted these regulations.

Where does GDPR apply?

Companies and organisations that operate in the area governed by GDPR will have to be compliant with the regulations, even when they are based outside of the EU, if the Data subject involved is an individual who resides in the EU.

Can't we just ignore GDPR?

Every business, anywhere in the world, that has activities involving citizens of or individuals residing in the EU, must comply with the requirements of GDPR.

What are the penalties for non-compliance?

Not complying with the regulation can result in administrative fines of 4% of Gross Global Revenue of the organisation found to be in violation, or 20 Million Euro, whichever of the two is greater.

Should we seek legal advice?

GDPR is an extremely complicated set of rules, and it is actually much more a legal matter than a technical matter. Revive Adserver Hosted edition is not qualified to provide legal advice, so this page should be considered to be simply informative. We recommend that you consult with a lawyer or a qualified expert in order to be fully compliant with GDPR.

What is a Data Controller and a Data Processor?

GDPR introduces three important roles, which affect the rights and responsibilities an entity has. The three roles are:

  • Data Subject: a natural person from whom data is available and who should be able to determine how their data will be collected, stored, and/or moved;
  • Data Controller: a legal or natural person controlling the processing of personal data belonging to a Data Subject;
  • Data Processor: a legal or natural person performing the processing of personal data belonging to a Data Subject;

Instead of trying to go into the details of what a Data Controller and a Data Processor is and how it is determined whether you are the former, the latter, or both, we recommend having a look at the article by Sagara Gunathunga on All you need to know about GDPR Controllers and Processors.

I want to learn about GDPR, where can I go?

Here are a few resources to learn more about GDPR:

The Roles of Revive Adserver Hosted edition

In light of the various roles defined above, we as Revive Adserver Hosted edition conduct them as follows:

Data controller, Data Processor, or both?

For the most part, Revive Adserver Hosted edition is not a Data Controller, with one exception.
Revive Adserver Hosted edition is a Data Processor.
Please continue reading for a more detailed explanation.

Revive Adserver Hosted edition as a Data controller

For the most part, we are not a Data Controller. Our clients, the publishers and other businesses for whom we provide our services, should be considered the Data Controller. In accordance with GDPR, these Data Controllers give us their instructions on Data Processing, while first ensuring that they have obtained the consent of any Data Subjects they engage with. It is the responsibility of these Data Controllers to be compliant with GDPR or other regulations. In some cases, our clients are not in direct contact with Data Subjects, instead they perform an intermediate role for their own clients, who are in direct contact with them. There is one exception: when it comes to our own website and other ways of interacting with clients, potential clients, and others who are interested in our services and our business, we process a certain amount of personal data. For example, to be able to send an invoice to a client, we need to first store and later use their name, e-mail address, business name, address and so on. In that kind of capacity, Revive Adserver Hosted edition is both a Data Controller and a Data Processor (more on that role below).

Revive Adserver Hosted edition as a Data processor

Revive Adserver Hosted edition can be considered a Data Processor, and for the most part that’s our only role. Our clients, or their clients, perform the role of Data Controller. Since they engage with Data Subjects, in this case people visiting their websites or using their apps for example, it is their role and responsibility to provide information about the intended use of Personal data, and to get consent from such Data subjects for doing so. Since GDPR applies to any business, by default, it is the position of Revive Adserver Hosted edition, that our clients and their clients must be in compliance, and therefor, we do not have to perform any of the Controller roles in such cases.

Revive Adserver hosting

Revive Adserver Hosted edition is a services provider for the free, open source Revive Adserver software. With regard to privacy and compliance with data protection regulations, we hope the following information is useful for our clients.

What is Revive Adserver?

Revive Adserver is a free, open source ad serving system. The Revive Adserver project is the successor of several earlier open source projects, and has been in development by the Revive Adserver project team since 2013.

How does Revive Adserver software treat personal data?

The Revive Adserver project website has a page dedicated entirely to privacy, an explanation to how it relates to GDPR, and a detailed description of how the Revive Adserver handles personal data. Our clients are recommended to study this information carefully, to incorporate the relevant parts in disclosures about the use of personal data, so that a user of the internet who interacts with an ad server system hosted by Aqua Platform can make an informed decision about giving consent if necessary.

How does Revive Adserver Hosted edition hosting services with regard to personal data?

At Revive Adserver Hosted edition, we use the Revive Adserver software without any modifications. As such, the treatment of personal data by the software is exactly as described on the Revive Adserver website. We have added a few plugins to improve and scale up the functionality for the collection of delivery statistics, but these have been designed and developed to function identically to the built-in functionality.

Processing of Personal data by Revive Adserver Hosted edition

As a business, it can not be avoided that we process a certain amount of personal data. Our guiding principle in such cases is always: Privacy by Default.

Does Revive Adserver Hosted edition process any personal data of internet users?

Essentially: No, we don’t. We’ve designed, built and configured our platform for Privacy by Default. This means that we started from a position that we do not collect and store any personal data, or anything that anyone could possibly consider to be personal data.

As an example: the servers we use to deliver the ads for our hosting customers do not have any log files enabled. When an ad request arrives on the platform, it obviously comes with an IP address from the requestor. The ad server could use that IP address for geolocation, but the ad server does not log the IP address. The web server software underneath uses the IP address in order to be able to send the response back to the requester, but it does not log the web server event either. The reason is that we do not need these log files, which are traditionally being used for things like website statistics or performance measurement. Essentially, our servers process and then immediately forget any personal data they might see.

There are just a few exceptions, when it comes to interacting with organisations and individuals with whom we have a direct business relationship. This is detailed in the next block.

Does Revive Adserver Hosted edition process personal data about clients?

Yes, we do. As a business, we need to be able to communicate with our clients. They need ways to contact us, and we need to be able to respond to them, and to initiate our own communications towards them. And in order to do that, we need to collect and store a limited set of personal data about the individuals representing our clients.

But, as noted before, the concept of Privacy by Default was essential here as well.

As an example: to be able to send our customers their monthly invoices, we need to collect and store their names and e-mail addresses. Fiscal legislation also dictates that we store and use their business names, postal addresses and in some cases tax registration numbers. As a matter of fact, tax authorities dictate that we keep a record of every financial transaction and the associated personal data (if any), for at least 7 years. We’re not even allowed to delete any of those.

However, dictated by Privacy by Default, we never collect any personal data that we do not absolutely need.

Does Revive Adserver Hosted edition use cookies?

Yes, we do, but we make a point of not processing any personal data in cookies.

We use Google Analytics to count how many visits and pageviews we get on our website, and which pages are being viewed. To comply with GDPR, we’ve enabled the anonymizeIP setting in Google Analytics, so no personal data is ever collected, let alone shared with Google.

Disclaimer

GDPR is an extremely complicated set of rules, and it is actually much more a legal matter than a technical matter. The team offering Revive Adserver Hosted edition is not qualified to provide legal advice, so this page should be considered to be simply informative when it talks about how others should comply with GDPR. We recommend that you consult with a lawyer or a qualified expert in order to be fully compliant with GDPR yourself.