MODIFICATIONS

We reserve the right to change our Privacy Policy from time to time. If we make any changes to this Policy, we will change the "Last Revised" date, and in some cases we may provide you with additional notice. Your continued use of our Website and Services constitutes your acceptance of the Policy then in effect.

For this reason, you should review the Policy from time to time to ensure that you understand and are willing to accept our current privacy practices.

CHAPTER I. PRIVACY PRACTICES FOR OUR WEBSITE

This chapter describes the privacy practices Ad.Guru employs regarding your access and use of our Website ("Website Privacy Policy"), including the scope of Data collection, use & third-party disclosure, as well as the Personal Data rights, choices and controls, available to you.

1. PERSONAL DATA YOU CHOOSE TO PROVIDE TO US

1.1. Scope of Data Collection

We collect elements of your Personal Data that you provide to us (such as your full name, email, company name, website URL, etc.) during your registration at Ad.Guru.

You can choose not to provide certain information, but this will limit your ability to use our Services or their particular features.

We also collect elements of your Personal Data that you provide to us (such as your name and your email address), while communicating with us using the online contact form on our Website or subscribing to our Newsletter.

1.2. Scope of Data Usage

We store the collected Personal Data (e.g. email address, billing details) so long as you continue to have a business relationship with us and use such Data explicitly for Ad.Guru internal purposes, including to:

• . handle ongoing business cooperation with you,
• . provide customer support,
• . troubleshoot technical issues,
• . request your feedback,
• . share the latest news and updates regarding our Services with you.

1.3. Data Disclosure to Third Parties

We may share your Personal Data with third-party service providers who may assist us in responding to your tech support inquiries, and/or otherwise perform operational functions for us.

Any use of your Personal Data by such Service Providers for purposes other than performing operational functions for Ad.Guru is strictly prohibited.

Ad.Guru may also disclose your Personal Data to a third party:

• . when obligated to do so by law, including without limitation, by search warrant, subpoena or court order,
• . in order to investigate, prevent, or take action regarding suspected, or actual prohibited activities, including but not limited to fraud and situations involving potential threats to the physical safety of any person.

Ad.Guru may also transfer your Personal Data to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change.

If Ad.Guru is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via a notice on our Website of any change in ownership, and/or Personal Data uses, as well as your Privacy Data rights & choices.

1.4. Your Choice & Control

By voluntarily providing such Personal Data to us, you confirm your consent to our collection and use of this Data. You may withdraw consent to our use of your Personal Data and request its deletion, by emailing us at [email protected].

To unsubscribe from our marketing emails, please send an email at [email protected].

2. USE OF COOKIES AND SIMILAR TECHNOLOGY

When you access and use our Website, we may automatically collect the elements of your Personal Data through the use of cookies or similar technology.

2.1. Scope of Data Collection

a. Service Provision Cookies

When your visit our Website, our web servers temporarily collect general technical information, such as:

• . IP address,
• . device info (device OS & browser type),
• . Internet Service Provider (ISP),
• . website session details (date, time & duration).

Such cookies are non-intrusive to your privacy, since the collected data has no personal reference to you.

We store the collected data up to one year to ensure that our Website functions properly.

We don't share such data with any third parties.

In case of a user login via the Website, we set a cookie, which then remains stored to enable automatic login (permanent cookie).

b. Service Performance Cookies

We may use third-party analytics and research services, such as Google Analytics on our Website to better understand how visitors access the Website, where they come from and how they interact with its content & features.

Such data is collected and stored in the pseudonymized manner, hence couldn't be attributed separately to reveal a natural person's identity.

For more information, regarding data collection via Google Analytics, please refer to Google's privacy practices, currently located at support.google.com/analytics/answer/6004245.

2.2. Scope of Data Usage

We use the collected Data for various purposes, such as:

• . our Website maintenance & support,
• . identification & prevention of possible security threats,
• . combination & analysis of our Website usage data to identify & implement improvements in its content and features.

We do not combine the information collected through the use of analytics tools with Personal Data elements.

2.3. Your Choice & Control

To opt out of data collection via Google Analytics, please use the following opt-out instructions: tools.google.com/dlpage/gaoptout.

For more information about cookies, web beacons, and available opt-out choices, please visit: allaboutcookies.org.

To opt out of data collection via mobile applications, please visit the DAA AppChoices page, currently located at youradchoices.com/appchoices.

To opt out of personalized ads and reset your Advertising Identifier on Android/iOS, please follow the instructions below.

a. Android

To turn off personalized ads:

1. Go to "Settings."
2. Tap "Google."
3. Locate and tap "Ads."
4. Turn on "Opt out of Ads Personalization."

To reset your Android Advertising ID:

1. Go to "Settings."
2. Tap "Google."
3. Locate and tap "Ads."
4. Tap "Reset advertising ID."
5. Confirm resetting your Ad ID.

For more information, please visit: https://support.google.com/ads/answer/2662922?hl=en.

b. iOS

To opt out of interest-based advertising:

1. Go to "Settings."
2. Tap "Privacy."
3. Tap "Advertising."
4. Turn on "Limit Ad Tracking."

To reset your Apple Advertising ID:

1. Go to "Settings."
2. Tap "Privacy."
3. Tap "Advertising."
4. Tap "Reset Advertising Identifier."
5. Confirm resetting your Ad ID.

For more information, please refer to Apple's Advertising & Privacy page, currently located at: https://support.apple.com/en-us/HT205223.

CHAPTER II. PRIVACY PRACTICES FOR OUR SERVICES

This chapter outlines the Ad.Guru privacy practices for our Services ("Services Privacy Policy") and describes our data processing practices, regarding our Services Personal Data as well as our System Operations Data, as described below.

Our Services Personal Data and System Operations Data do not include our Clients' contact Data, collected by Ad.Guru via our Website or Clients' interactions with us during the contracting and onboarding processes.

Ad.Guru privacy practices for such Data are subject to our Website Privacy Policy (see Chapter I of this Privacy Policy).

1. LEGAL BASIS FOR DATA PROCESSING

The intended purpose of Ad.Guru Services implies our provision, maintenance and support of video ad tech solutions to our registered clients, i.e. Publishers, Advertisers, as well as our SaaS vendor partners ("Clients").

The intended use of the Ad.Guru Services does not imply interaction with our Clients' End Users.

We do not solicit, or knowingly collect Personal Data via our Products and/or their Adaptations, unless the data subject is our Client.

Ad.Guru treats our Services Personal Data in accordance with our Terms of Service, our Privacy Policy and the Client's Order Agreement, including any applicable Order Forms and/or Addendums.

In the event of any conflict between the terms of Ad.Guru Services Privacy Policy and the Privacy practices, described in the Client's Order Agreement, including without limitation the terms of the Ad.Guru Inbound Data Agreement and any applicable, mutually ratified Order forms and/or Addendums, the terms of the Client's Order Agreement shall prevail.

2. PROCESSING OF SERVICES PERSONAL DATA

This section describes the privacy practices Ad.Guru employs, while handling our Services Personal Data for provision of customer support and other services to Ad.Guru Clients during the term of their Order Agreement.

2.1. Scope of Data Collection

The processed Data may relate to Ad.Guru Clients, their representatives, employees, partners, contractors, suppliers, as well as their End Users, and may include Personal Data elements, such as:

• . IP address,
• . device info (OS & browser type),
• . mobile device ID,
• . Internet Service Provider (ISP),
• . first-party data, regarding online behaviour & interests, etc.

Such Personal Data elements are collected in the pseudonymized manner, which means they can not be separately attributed to identify and/or reveal a natural person's individual identity.

2.2. Scope of Data Usage

Ad.Guru may process our Services Personal Data for the activities necessary to operate our Services, such as (i) testing and implementing new player versions and/or platform upgrades and (ii) resolving reported issues and bugs.

Ad.Guru Clients act as Controllers of the Services Personal Data processed by Ad.Guru to perform such Services.

Ad.Guru will process our Clients' Services Personal Data as specified in our Terms of Service and the Client's Order Agreement, including any applicable Order Forms and/or Addendums to the extent necessary for us to (i) comply with our obligations as a Data Processor and (ii) assist Clients with compliance with their obligations as a Data Controller, relevant to their use of our Services, under the applicable data protection laws and regulations.

2.3. Deletion of Services Personal Data

Except as otherwise specified in the Client's Order Agreement or required by law, upon termination of services or at the Client's request, Ad.Guru will delete the Clients' data located on our servers in a manner that ensures that they can not be reasonably accessed or read, unless there is a legal obligation imposed on Ad.Guru, preventing us from deleting all or part of such Data.

2.4. End User Rights & Choices

Ad.Guru Clients control access to our Services Personal Data, related to such Clients and their End Users, and the Client's End Users should direct any requests, regarding our Services Personal Data, directly to that Client.

To the extent such access is not available to our Client, Ad.Guru will provide reasonable assistance with requests from End Users to access, receive and transmit, rectify, restrict, delete or erase, block access to or object to processing of Services Personal Data, processed by Ad.Guru.

To exercise any of these rights, please email us at [email protected].

3. PROCESSING OF SYSTEM OPERATIONS DATA

This section describes the data processing practices applied to Personal Data, incidentally contained in the Ad.Guru System Operation Data, as a result of our Clients' and/or the Client's End Users' interaction with the Ad.Guru monitoring, security & delivery systems and networks, built-in and/or employed by our Services.

3.1. Scope of Data Collection

The Personal Data may include log files, events and other data, relating to the use of Ad.Guru Services by our Clients and/or their End Users, such as:

• . URL of the webpage where our Services are enabled,
• . the referring URL,
• . video player version the Publisher is utilizing,
• . when & how long the video was played,
• . which advertising message(s) were inserted into the video,
• . whether the video was played in fullscreen mode or not,
• . certain metadata about the video or the Publisher's webpage, etc.

Such Data is collected and used in the pseudonymized manner, which means it can not be separately attributed to identify and/or reveal a natural person's individual identity.

3.2. Scope of Data Usage

We may use the collected Personal Data in a number of ways, such as:

• . to help us ensure that the video and/or advertising content renders properly,
• . to help us and our Clients understand how the video and advertising content we deploy is being viewed by Users, and
• . to help ensure that the video and advertising content is appropriate and relevant to the Client's End Users.

3.3. End User Rights & Choices

To the extent provided under the applicable data protection laws and regulations, Ad.Guru Clients and/or their End Users may request to access, correct, update or delete Personal Data, contained in our System Operations Data in certain cases, or otherwise exercise their choices with regard to their Personal Data by sending us an email at [email protected].

4. DATA DISCLOSURE TO THIRD PARTIES

Ad.Guru may share our Services Personal Data as well as Personal Data contained in our System Operations Data with trusted third-party service providers who perform operational functions for us.

Any use of the Personal Data by such Service Providers for purposes other than performing operational functions for Ad.Guru is strictly prohibited.

We may also share Data on how our Clients End Users interact with video and advertising content, provided via our Services with our Clients - in a pseudonymized manner, so that they can not be separately attributed to identify and/or reveal a natural person's individual identity.

Ad.Guru may also disclose the collected Personal Data elements to a third party:

• . when obligated to do so by law, including without limitation by search warrant, subpoena or court order,
• . in order to prevent, investigate, or take action regarding suspected, or actual prohibited activities, including without limitation the fraud and situations involving potential threats to the physical safety of a person.

Ad.Guru may also transfer the collected Personal Data elements to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change.

5. CLIENT'S RESPONSIBILITIES AS A DATA CONTROLLER

This section describes Ad.Guru Clients' responsibilities as a Data Controller, regarding their collection, use and disclosure of End User Personal Data via our Services.

5.1. As firmly stated in our Terms of Service (currently located at https://Ad.Guru/terms), Ad.Guru and our Clients act as independent contractors, and nothing herein creates an employer-employee, joint venture, agency, or representative relationship between them.

5.2. Ad.Guru Clients, including without limitation our SaaS vendor partners, using our Services under the granted license, are bound by the terms of the Client's Order Agreement, including any applicable, mutually ratified Order Forms and/or Addendums, and must adhere to Ad.Guru Privacy Policy practices (currently located at https://Ad.Guru/privacy), as required under our Terms of Service.

5.3. Ad.Guru requires our Clients' compliance with all applicable data protection laws and regulations, in terms of End User Personal Data collection, processing and disclosure via our Services.

5.4. Ad.Guru has no direct relationship with our Clients' End Users and therefore relies on the Clients' compliance with their notice and consent obligations under (i) the terms of the Client's Order Agreement, (ii) Ad.Guru Terms of Service and Privacy Policy and (iii) all applicable data protection laws and regulations.

5.5. Ad.Guru Clients are solely responsible to ensure that their use of our Services and Service Adaptations (except the Products incorporated therein) comply with (i) our Terms of Service, (ii) all applicable data protection laws and regulations, (iii) and do not infringe the intellectual property rights of any third party.

6. CLIENT'S COMPLIANCE AS A DATA CONTROLLER

Ad.Guru requires our Clients' compliance with the minimum compliance requirements set forth in Section 6 of this Privacy Policy.

6.1. Ad.Guru Data Controller Questionnaire

No more than once per year, Ad.Guru may require that our Clients, including without limitation our SaaS Vendor Partners (i) complete the Ad.Guru Data Controller Questionnaire about their Personal Data privacy practices & compliance and (ii) take commercially reasonable steps to complete the questionnaire accurately and promptly.

Ad.Guru Clients must notify Ad.Guru of any material changes in their privacy & compliance practices which deviate from their questionnaire responses.

6.2. Notice of Non-Compliance

Ad.Guru Clients must promptly notify Ad.Guru, if they do not comply, or have reasons to believe it can not comply with:

• . The Client's obligations under the terms of, including without limitation (i) the Client's Order Agreement, (ii) our Terms of Service and (iii) our Privacy Policy,
• . All applicable data protection laws and regulations, or
• . The Client's obligations as a Data Controller.

In case Ad.Guru becomes aware of our Client's Use of our Services in a way that violates any applicable laws and regulations, we will notify the Client of such violation and request their cure of the foregoing.

We reserve the right to prohibit the use or distribution of our Services and/or Service Adaptations that we reasonably believe violate or are likely to violate such laws, regulations and/or Data Subject rights, and if the Client fails to cure the foregoing within fifteen (15) days after written notice thereof.

6.3. Notice & Consent Obligations

Upon Ad.Guru request, our Clients must provide written proof (or require their contractors to provide written proof) of meeting their notice and consent obligations under the terms of the Client's Order Agreement and our Terms of Service.

If our Client intends to rely on a legal basis other than consent to collect End User Data, the Client must notify Ad.Guru about this prior to any use of our Services.

6.4. Privacy Policy

If our Client collects, uses or in any other way processes End User Personal Data via our Services, the Client must provide End Users with an easy-to-access Privacy Policy:

• . on the Home page,
• . other relevant pages of Client's website(s),
• . and within Client's mobile application(s).

Our Client's Privacy Policy must contain the word "Privacy" (or the equivalent in the applicable jurisdiction) in the page title and links.

Our Client's Privacy Policy must (i) be easy-to-understand and (ii) provide sufficient information regarding the following:

• . what End User Personal Data the Client collects and processes,
• . circumstances for End User Personal Data disclosure,
• . purposes of such disclosure (including the Purposes permitted under this Agreement),
• . Personal Data recipient's name & type of organization, and
• . any additional information, required under the terms of the Client's Order Agreement and our Terms of Service.

6.5. Opt-Out Options & Mechanisms

Ad.Guru Clients must enable End Users with the following opt-out options:

• . opt-out of collection and use of End User Personal Data, and disclosure of such Personal Data to third parties,
• . out-out of access and use of End User Personal Data by Ad.Guru.

Without prejudice to our Client's opt-out obligations under the terms of the Client's Order Agreement, the Client's Privacy Policy must reference the following opt-out options & mechanisms, at minimum:

a. For US-based End Users:

• Digital Advertising Alliance (DAA) opt-out program (currently located at optout.aboutads.info)
• Network Advertising Initiative (NAI) opt-out program (currently located at optout.networkadvertising.org)

b. For EU/EEA–based End Users:

• . Digital Advertising Alliance EU (EDAA) opt-out program (currently located at youronlinechoices.eu)

c. For End Users based in any other global region, if/where our Client determines it is not appropriate to comply with opt-out requirements under the terms of (i) the Client's Order Agreement and (ii) our Privacy Policy:

• . the Client must provide a link to the applicable Ad.Guru Privacy Policy (currently located at https://Ad.Guru/privacy), which includes additional links to opt-out options and mechanisms.

If our Client collects End User Personal Data from mobile devices via our Services, the Client's Privacy Policy must include:

• . relevant notices,
• . disclosures,
• . consent information, required for mobile devices under the applicable data protection laws and regulations, and
• . a link to the AppChoices opt-out program (currently located at youradchoices.com/appchoices), or similar opt-out options & mechanisms, compliant with our Terms of Service and Privacy Policy.

6.6. End User Rights & Choice

Ad.Guru Clients must provide End Users with the rights and mechanisms to:

• . amend,
• . restrict the use of,
• . delete or erase,
• . obtain an exportable copy of their Personal Data.

6.7. Confidentiality

a. Confidentiality

Ad.Guru Clients must ensure their employees engaged in the Processing of Personal Data maintain the confidentiality of such Data, including the maintenance of their relevant obligations, including without limitation:

• . acknowledgement of the confidential nature of the Personal Data,
• . regular training on Personal Data protection,
• . written confidentiality agreement,
• . compliance with any other applicable practices set forth by (i) the Client's Order Agreement, (ii) our Terms of Service. or (iii) our Privacy Policy.

Ad.Guru Clients must ensure that such confidentiality obligations survive the termination of their employee engagement with the Client.

b. Reliability

Ad.Guru Clients must take commercially reasonable steps to ensure the reliability of employees engaged in the Processing of Personal Data.

c. Limitation of Access

Ad.Guru Clients must ensure that their access to Personal Data is limited to employees engaged in the Processing of Personal Data via our Services in accordance with our Terms of Service and our Privacy Policy.

CHAPTER III. INFORMATION RELATING TO CHILDREN

Ad.Guru's Website and Services are designed for those 18 years of age and older.

Ad.Guru does not knowingly collect Personal Data from anyone under the age of 18.

If the Company is made aware that it has received Personal Data from someone under 18, it will use reasonable efforts to remove that information from its records.

CHAPTER IV. LEGAL BASIS FOR PROCESSING PERSONAL DATA OF EEA AND SWISS INDIVIDUALS

Ad.Guru is committed to compliance to Personal Data privacy and protection laws and regulations, including: the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

If there is any conflict between the Ad.Guru Terms of Service or Privacy Policy, the Policies covered in the Section shall govern.

1. DATA RETENTION

Retention of the Personal Data of EEA and Swiss individuals will be handled in accordance with Ad.Guru Data Retention policy (as described above in this Privacy Policy).

2. ACCESSING AND DELETING PERSONAL DATA

EEA and Swiss individuals have the right to:

• . request access to and rectification or erasure of Personal Data, obtained by Ad.Guru,
• . restrict the processing of their Personal Data, object to processing, and/or exercise the right of data portability, and
• . withdraw consent to the collection and use of Personal Data by Ad.Guru without affecting the lawfulness of processing and lodge a complaint with a supervisory authority.

To exercise this right, please send us an email at [email protected].

Ad.Guru is committed to resolving complaints about our collection or use of your Personal Data.

EEA or Swiss individuals with complaints or inquiries regarding this Privacy Policy should first contact Ad.Guru by sending an email at [email protected].

3. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES, ONWARD TRANSFER

Ad.Guru may transfer obtained Personal Data elements of EU and Swiss individuals to third parties, as described above in this Privacy Policy. The disclosed Personal Data used for the purposes set forth in this Privacy Policy.

To request notification of the intended purpose, disclosure, addition, correction, deletion, cessation of use, and cessation of disclosure to third parties of your Personal Data, please send us an email at [email protected].

4. NOTIFYING THIRD PARTIES ABOUT PERSONAL DATA RESTRICTION, RECTIFICATION, ERASURE

Where Ad.Guru has disclosed Personal Data of our Client, or our Client's End User to any third party, and that Client, or that Client's End User has subsequently exercised any of the rights of erasure, rectification, or blocking, Ad.Guru will promptly notify these third parties of the Client's, or the Client's End User's exercising of those rights.

In no case Ad.Guru shall be liable for the failure of any third party to comply with such Client's or such Client's End User's request.

Ad.Guru shall be exempt from this obligation if it is impossible or would require a disproportionate effort.

5. COLLECTION AND USE OF SENSITIVE OR SPECIAL CATEGORIES OF PERSONAL DATA

Ad.Guru does not knowingly collect, store or in any other way process Sensitive or Special Categories of Personal Data, such as:

• . Personal Data, revealing ethnic or racial origin, religious/philosophical beliefs, political opinions, or trade-union membership,
• . Genetic data or biometric data,
• . Personal Data concerning health or sex life and sexual orientation,
• . Personal Data of Children below the age of 18 years.

If Ad.Guru is made aware that it has obtained such Sensitive Personal Data elements, we will use reasonable efforts to remove this Data from our records.

CHAPTER V. LEGAL BASIS FOR PROCESSING PERSONAL DATA OF CALIFORNIA RESIDENTS

Ad.Guru is committed to compliance to Personal Data privacy and protection laws and regulations, including the California Consumer Privacy Act (CCPA).

If there is any conflict between the Ad.Guru Terms of Service or Privacy Policy, the Policies covered in this Section shall govern.

1. PERSONAL DATA RIGHTS OF CALIFORNIA RESIDENTS

Ad.Guru has no direct relationship with our Clients' End Users and therefore relies on the Clients' compliance with their notice and consent obligations.

Ad.Guru does not sell any of the Personal Data collected, or otherwise processed to third parties.

If you are a California Resident, and have an established business relationship with Ad.Guru, pursuant to California Consumer Privacy Act (CCPA), you have the right to:

• . access Personal Data Ad.Guru has collected from you,
• . request deletion of Personal Data collected.

To exercise any of the rights mentioned herein, please email us at [email protected].

2. PROCESSING OF CHILDREN'S PERSONAL DATA

Our Website and Services are designed for those 18 years of age and older.

Ad.Guru does not knowingly collect, store or in any other way process Personal Data of Children below the age of 18 years.

If Ad.Guru is made aware that it has obtained such Personal Data, we will use reasonable efforts to remove this Data from our records.

CHAPTER VI. QUESTIONS TO THIS PRIVACY POLICY

If you have any questions or suggestions regarding this Policy, or a specific demand, please contact us at [email protected]. We will process your request within a reasonable period of time.