NHNACE Privacy Policy

Updated on: January 2025

1. OVERVIEW

This Privacy Policy ("Privacy Policy") describes how NHNACE (including NHNACE Corp. and other NHNACE group companies, where applicable, hereinafter referred to as "NHNACE," "we," or "us") collects and uses information. We respect your rights to privacy. This Privacy Policy explains who we are, how we collect, share, and use your personal information, and how you can exercise your privacy rights.

  • 1-1. INTRODUCTION TO NHNACE SERVICES
    NHNACE provides Ad Services, specifically mobile advertising automation technology and solutions, to advertisers, DSPs, app developers, and publishers of mobile apps and websites (collectively, “Clients”). Through our Ad Services, we offer tools to our Clients — and through them, their customers — to deliver relevant online advertisements to End-Users. Our Ad Services include the ad exchange platform (“ACE Exchange”), the advertising platform (“ACE TRADER”), and the app publishing division (“ADLIB”).
  • 1-2. PERSONAL DATA
    Personal Data refers to any information that can be used to identify you as a natural person, either directly or indirectly, particularly when combined with other information available to us, such as an identification number, online identifier, or one or more specific factors related to your identity as a natural person. The scope of Personal Data may vary depending on the applicable laws, which are often determined by your location. The data collected and used by NHNACE may include your Personal Data.

    NHNACE may act as either a data controller or a data processor, depending on the circumstances. As a data controller, NHNACE (either independently or jointly with its business partners) determines the purposes and methods for collecting and using your data. In such cases, you may receive information from NHNACE or its relevant business partners regarding the collection, use, and/or consent related to your data, as applicable. As a data processor, NHNACE may process data on behalf of its business partners as part of its obligations.

2. WHAT INFORMATION DO WE COLLECT

When visiting mobile applications using our Ad Services, we may collect various information from the end-user, their device, and connection, depending on the publisher's settings. Below is a list of the information we collect in relation to our Ad Services:
  • Browser and device information received from publishers: This data is shared with advertisers and agencies to respond to ad requests, predict ad inventory, and address operational issues. It includes:
    • ✓ Device type (e.g., smartphone, tablet, smart TV, PC, etc.) Device type (e.g., smartphone, tablet, smart TV, PC, etc.)
    • ✓ Device manufacturer (e.g., Apple, Samsung)
    • ✓ Device model (e.g., iPhone, Galaxy S23)
    • ✓ Operating system (OS) (e.g., iOS, Android)
    • ✓ Device language settings (e.g., Korean, English)
    • ✓ MAC address (encrypted using MD5 hash)
  • • Device identifiers associated with app publishers (IFV)
  • IP address: Includes both IPv4 and IPv6 and is shared with demand-side partners (DSPs) bidding on ad inventory on behalf of advertisers and agencies.
  • User IDs stored in browser cookies by DSPs: These IDs are stored by DSPs to build profiles for use in the ad server.
  • Data on ad views and clicks: Information on whether the End-User viewed or clicked an ad is shared with DSPs to measure ad performance and provide statistics on behalf of advertisers and agencies.

  • 2-1. HOW WE USE THE INFORMATION
    We use the information we collect for the following business purposes:
    Purposes Description
    Providing and improving our advertising services The information we collect is essential to provide and optimize our services (including the advertising services mentioned above), including linking the various devices used by end users and identifying devices based on automatically transmitted information, including actively scanning device characteristics for identification purposes, subject to EU end users’ consent.
    Delivering ads Through our Ad Services, publishers and app developers can offer ad inventory, while advertisers and buyers (DSPs) can bid on that inventory to fill it with relevant advertisements.
    Behavioral targeting DSPs, acting on behalf of advertisers and agencies, match the data we provide to them with their own data to predict the potential future behavior and interests of End-Users, either on a per-device basis or across devices. This enables advertisers and agencies to select and deliver highly relevant ads to the right users effectively.
    Reports and analytics We collect this information to analyze ad performance, including tracking ad views, click-through rates to websites or app stores, and installations of advertised apps. This helps us enhance our Ad Services and provide comprehensive reports to our Clients as needed.
    Data validation and fraud prevention To protect the integrity of our Ad Services, we may need to match End-User information, such as mobile IP addresses, across devices. This process helps validate data, filter out invalid impressions, clicks, installs, or ad queries, and prevent fraudulent activities during ad delivery. By implementing measures such as IP address matching, invalid impression and click filtering, and fraud prevention, we ensure accurate and secure data protection.
    Compliance with legal obligations We may process personal information as necessary to: (i) comply with legal processes, (ii) respond to requests from government authorities, including but not limited to those in the End-User’s country of residence, (iii) protect the business, rights, privacy, and safety of our company, subsidiaries, and Clients, (iv) conduct audits, such as security, corporate, or accounting audits, and (v) ensure the enforcement of our terms and conditions.

3. WHAT TECHNOLOGIES DO WE USE?

Cookies. Cookies are small data files containing unique strings, such as browser identifiers, that are stored on your computer or other devices. They serve as unique tags to recognize your browser. Our servers will deploy cookies to your browser only when the domain www.nhnace.com is accessed, and solely with prior consent from EU End-Users.
Pixel tag. also known as web beacons or pixels, are small blocks of code embedded in web pages that can read and place cookies. They enable the collection of information such as IP addresses, access times, and browser types.
Sdks. Software Development Kit (SDK) is a toolset or program utilized by app developers to facilitate the delivery of advertisements, collect data, and implement essential functionalities related to advertising services within mobile applications. APIs. Application Programming Interfaces (APIs), similar to SDKs, serve as mechanisms for calling or requesting specific information.

To collect and utilize information about you, as detailed in Section 2, we and our third-party partners employ cookies and other similar tracking technologies.

  • 3-1. HOW DO WE USE THESE TECHNOLOGIES FOR ADVERTISING PURPOSES?
    • These tracking technologies are utilized only after obtaining prior consent from EU End-Users. As a member of the IAB Transparency and Consent Framework, NHNACE automatically collects information from End-Users' devices provided by collaborating publishers. These technologies uniquely identify the browsers or devices used by End-Users, prevent repetitive exposure to the same ads, ensure proper display of ads on publishers’ apps and websites, and contribute to delivering relevant advertisements to End-Users.

    Additionally, with the explicit and prior consent of EU End-Users, our clients may use the data shared by NHNACE to establish connections across relevant devices for purposes such as delivering personalized ads, analysis, and reporting for advertisers and agencies. For example, cross-device matching may occur if an End-User logs into the same online service across multiple devices or browsers, or if those devices are assumed to share attributes indicating use by the same individual or household. As a result, activity information from one browser or device may be associated with the user’s other browsers or devices. This enables advertisers and agencies to serve personalized ads on a tablet based on activity from a smartphone.

    If you wish to opt out of cross-device targeting, please refer to the instructions in the section below.

4. Adherence to the TCF IAB

We participate in the IAB Europe Transparency & Consent Framework (IAB TCF) in order to obtain appropriate consent from EU End-Users to tracking technologies. We comply with IAB TCF Specifications and Policies. NHNACE’s identification number within the framework is 1388.

The Transparency and Consent (TC) string is a tool provided by the IAB TCF that enables end users to consent to or reject the use of tracking technologies. This string is shared with NHNACE, as well as our clients and partners, and is used to verify compliance with GDPR, ensuring eligibility to process end-user data.
On February 2, 2022, the Belgian Data Protection Authority determined that IAB Europe qualifies as a joint controller alongside Consent Management Platforms (CMPs), publishers, and vendors. This decision is based on the fact that the collection and distribution of the Transparency and Consent (TC) string rely on Legitimate Interest and necessitate the implementation of an opt-out system. Furthermore, the ruling establishes that IAB Europe, CMPs, publishers, and vendors are joint controllers in the further processing of personal data for advertising purposes.

NHN ACE acts as a joint controller in collaboration with its clients (publishers and advertisers) and partners. To ensure accountability, NHN ACE explicitly defines data protection responsibilities in agreements with its clients and partners when processing and sharing TC strings. In alignment with GDPR and related regulations, NHN ACE works closely with IAB Europe, CMPs, publishers, and vendors to maintain full compliance. This policy will be updated as needed to reflect any changes in TC string-related requirements.

Users have the right to manage their personal data on websites and applications powered by NHN ACE's technologies through the TC string. This feature allows users to easily manage consent preferences or opt out as needed. NHN ACE is dedicated to fostering transparency and effective consent management, ensuring the highest standards of personal data protection.

  • 4-1. PURPOSES OF THE PROCESSING – LEGAL BASIS – DATA RETENTION
    The following outlines the purposes for which we process EU user data, the corresponding legal bases, and the data retention periods.
    PURPOSES of the TCF IAB Consent String (See also Section 2-1) LEGAL BASIS DATA RETENTION DESCRIPTION
    Store and/or access information on a device Consent After 180days the data is deleted Activities that involve storing or accessing information on a device to support ad personalization.
    Use limited data to select advertising Flexible, default is Legitimate Interest After 180days the data is deleted Using limited data to select and deliver basic ads while ensuring their relevance and effectiveness.
    Create profiles for personalised advertising Consent After 180days the data is deleted Creating tailored ad profiles based on user behavior and interests to deliver personalized advertisements.
    Use profiles to select personalised advertising Consent After 180days the data is deleted Selecting and delivering personalized ads to users based on the generated profiles.
    Measure advertising performance Flexible, default is Legitimate Interest After 180days the data is deleted Processing data to measure the performance of ad campaigns, analyze advertiser ROI, and optimize platforms, all based on Legitimate Interest.
    Understand audiences through statistics or combinations of data from different sources Flexible, default is Legitimate Interest After 180days the data is deleted Combining statistical data or data from various sources to understand and analyze target ad audiences.
    Develop and improve services Flexible, default is Legitimate Interest After 180days the data is deleted Optimizing platform functionality and improving user experience through the development of new ads and services.
    Ensure security, prevent and detect fraud, and fix errors Legitimate Interest After one weeks the data is deleted Processing data to enhance platform security, prevent fraud, detect and correct errors.
    Deliver and present advertising and content Legitimate Interest After 180days the data is deleted Storing user privacy preferences and sharing them with DSPs and SSPs to ensure compliance with data protection regulations.
    Save and communicate privacy choices Legitimate Interest After 180days the data is deleted Users' privacy preferences and share them with DSPs and SSPs to ensure compliance with data protection regulations.
    Match and combine data from other data sources Legitimate Interest After 180days the data is deleted Enhance user profiles by matching them with third-party data and utilize this for ad performance analysis and optimization..
    Link different devices Legitimate Interest After 180days the data is deleted Link data across different devices to identify users on multiple devices and provide a consistent advertising experience.
    Identify devices based on information transmitted Legitimate Interest After 180days the data is deleted Identify devices based on the information they transmit and utilize this for ad targeting and performance analysis.

5. Compliance with the CCPA (California Consumer Privacy Act)

We are committed to complying with the California Consumer Privacy Act (CCPA). If you are a California resident, state laws, including the CCPA, grant you the right to make specific requests regarding your personal information. You may specifically request us to:

  • • Categories of personal information we have collected about you
  • • Sources from which your personal information was collected
  • • Business or commercial purposes for collecting and disclosing your personal information
  • • Categories of third parties with whom we have shared your personal information, including for business purposes
  • • Specific details of the personal information we have collected about you

The CCPA ensures that you have the right not to be discriminated against for exercising your rights, as provided under applicable law. Certain information may be required to deliver our services or may be exempt from such requests under California law. Before processing your request, we will take reasonable steps to verify your identity and may request additional information if necessary to complete your request.

Under the CCPA, businesses that “sell” personal information must provide specific rights to consumers. However, we do not engage in activities that qualify as “sales” of personal information under the CCPA. To opt out of data sharing, please refer to Section 8.

6. Compliance with the Children's Online Privacy Protection Act (COPPA)

We comply with the Children’s Online Privacy Protection Act (COPPA) and the California Consumer Privacy Act (CCPA). We do not knowingly collect or process personal information from children under the age of 13. If we become aware that personal information of a child has been collected, we will obtain parental consent or take appropriate actions in accordance with applicable laws, including the immediate deletion of such data.

Additionally, we do not knowingly "sell" the personal information of minors under the age of 16 who reside in California, as defined under the CCPA. We implement additional measures to protect the personal information of such minors. We are committed to complying with the requirements of both COPPA and CCPA, maintaining the highest standards for protecting children's personal information.

7. International data transfers

All information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to the United States or other countries with data protection laws that may differ from those in your country of residence. We are committed to safeguarding your information in accordance with applicable legal requirements.

8. Your Data Subject Rights

You have the right to request access to, correction of, or deletion of the personal data we have collected about you. Additionally, you have the right to data portability, as well as the right to restrict or object to the processing of your personal data. You may withdraw your consent at any time and request that your data not be shared with third parties.

You may submit a request to NHN ACE to inquire about or update the status of your data processing by contacting us at ax@nhnace.com. During the processing of your request, we may verify your identity or request additional information to better understand your request. Once your request is received, we will strive to process it promptly and efficiently.

9. Changes to our Privacy Notice

The Privacy Policy may be updated to reflect legal requirements, service improvements, or technical needs. The latest version will always be available on our website, and any significant changes will be communicated in advance.

10. CONTACT US

If you have any questions regarding our Privacy Policy or Advertising Policy, please feel free to contact us using the details below:
  • • E-mail: ax@nhnace.com
  • • Address: 16, Daewangpangyo-ro 645beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea