Privacy Policy

1. Introduction

Welcome to Codevelop Technologies GmbH ("Codevelop", "we", "us", or "our"). We value your privacy and are committed to protecting personal data when delivering and optimizing our engaging online ad formats. This policy explains what data we collect, how we use it, and your choices.

2. Scope of this Policy

This Privacy Policy applies to the processing of data through our ad formats and technologies ("Services") integrated into third-party publisher websites. It applies when users interact with our Services, under either consent or legitimate interest as permitted by applicable law and the IAB Europe Transparency and Consent Framework (TCF).

3. What Data We Collect

We collect only non-personal or pseudonymous data. This includes:

  • IP address (for fraud prevention, coarse geolocation).
  • Device and browser details (e.g., type, operating system, user agent).
  • Ad performance metrics (e.g., impressions, clicks, viewability).
  • Cookie or device identifiers (used for ad frequency, aggregate analytics).

We do not collect names, emails, precise location data, or any data used for cross-device linking or user profiling.

4. How We Use the Data

Our purposes for data processing are strictly limited to the following IAB TCF Purposes:

  • Purpose 1: Store and/or access information on a device
    Used for technical delivery (e.g., to serve a creative or remember a frequency cap).
  • Purpose 2: Select basic ads
    Used to deliver standard ads that are not based on a user profile.
  • Purpose 7: Measure ad performance
    To understand how an ad performs (e.g., impressions, clicks, viewability) in aggregate.
  • Purpose 9: Apply market research to generate audience insights
    We use aggregated data to help our clients understand campaign engagement.
  • Purpose 10: Develop and improve products
    Used to improve our ad technology, debug delivery issues, and enhance user experience.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Store identifiers for ad delivery and performance measurement.
  • Respect your privacy preferences via the publisher's CMP interface.
  • Limit ad frequency (how often an ad is shown).

Cookie Duration: Up to 365 days unless deleted by the user.

6. Legal Basis for Processing

We rely on:

  • Consent – where required for storing or accessing information for analytics and delivery.
  • Legitimate Interest – where permitted, we have conducted a Legitimate Interest Assessment (LIA) confirming that our processing does not override your fundamental rights.

You can withdraw consent or object at any time via the publisher's Consent Management Platform (CMP).

7. Legitimate Interest Claim

Under Article 6(1)(f) of the GDPR and the IAB Europe Transparency and Consent Framework (TCF), we may process limited personal data (such as IP address or device data) based on our legitimate interests for the following purposes:

  • Ad delivery (e.g., ensuring ads are shown and sequenced properly)
  • Measurement (e.g., counting impressions or measuring performance)
  • Security and fraud prevention (e.g., detecting invalid traffic)
  • Service development and improvement (e.g., debugging, analytics)

We have carried out and documented a Legitimate Interest Assessment (LIA) that demonstrates how our business interests do not override your fundamental rights and freedoms. This assessment considers the nature of the data, safeguards in place, and user expectations.

Right to Object: You can object to this processing at any time via the publisher's Consent Management Platform (CMP) or by contacting us at [email protected].

8. User Rights and Choices

You may:

  • Withdraw consent via the publisher's CMP
  • Block cookies using your browser settings
  • Contact us for privacy-related questions or objections

Since we do not collect personally identifiable data, we are unable to provide access, rectification, or deletion requests tied to direct identifiers.

9. Your rights under the GDPR

If you are a data subject located in the EU/EEA, you have the following rights under the General Data Protection Regulation (GDPR), even though we only process technical data (such as IP addresses or cookie IDs) and not directly identifying information like names or email addresses:

  • Right of access (Art. 15 GDPR): You have the right to obtain information about the personal data we process about you.
  • Right to rectification (Art. 16 GDPR): You have the right to request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR): You may request the deletion of your data where legally permissible.
  • Right to restriction of processing (Art. 18 GDPR): You can request that we limit the processing of your data under certain conditions.
  • Right to object (Art. 21 GDPR): You may object to the processing of your data based on legitimate interests.
  • Right to data portability (Art. 20 GDPR): You can request a copy of your data in a machine-readable format.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority if you believe we are processing your personal data unlawfully.

To exercise any of your rights or if you have questions about how we process your data, please contact us at: [email protected]

10. International data transfers

We are a Switzerland-based company and, in certain cases, subject to the General Data Protection Regulation (GDPR) – particularly where we deliver advertising formats to users within the European Union (EU) or European Economic Area (EEA). In this context, we may process technical information such as IP addresses, cookie identifiers, or device details, which are considered personal data under the GDPR.

Switzerland has been recognized by the European Commission as a country with an adequate level of data protection under Article 45 of the GDPR. Therefore, data transfers from the EU/EEA to Switzerland are permitted without additional safeguards.

As of now, we do not transfer personal data to any other third countries outside the EU/EEA and Switzerland. Should this change in the future, we will ensure that appropriate safeguards are implemented in accordance with Articles 44 et seq. GDPR – for example, through the use of EU Standard Contractual Clauses or equivalent mechanisms.

11. Data Retention

We retain data for up to 365 days, unless a shorter or longer period is required for compliance or operational needs. Data may be anonymized or aggregated earlier if no longer needed.

12. Security

We implement technical and organizational safeguards to protect the data we process against unauthorized access or misuse.

13. Third-Party Platforms

Our ad technology is integrated on third-party publisher websites and may involve AdTech partners. We strive for compliance and security throughout the chain, but we are not responsible for the practices of external websites or systems.

14. Changes to This Policy

We may update this policy to reflect changes in legal requirements, technology, or business operations. Material changes will be clearly communicated on our website or via our partners.

15. Contact Information

Codevelop Technologies GmbH
Bändlistrasse 62
8064 Zürich, Switzerland
Email: [email protected]
Phone: +41 44 585 16 00

Last updated: June 2025