GDPR

Data Protection Officer - DPO

According to the GDPR companies such as Brain are required to have a Data Protection Officer (DPO). Our DPO monitors our products and services and makes sure that they comply with the European and local regulations as well as make sure every employee has the correct training and understanding of how we manage data and user information.

When new functions and services are created our DPO is involved with the development from the very start, in order to evaluate: what are the purpose of the services, what is the legal grounds for the processing, how can we minimise the processing and how long do we need to store the information linked to the services.

Should an incident occur our DPO will be the first one notified and he will establish an incident report and notify the relevant authorities as well as any clients or customers that have been affected by the incident.

Should you not find the information you want here on the website, you are more than welcome to contact our DPO: dpo@brainnordic.com

Cookies & Opt Out

You may opt out from any data processing done by us. It will require us to set a cookie, but this cookie will be flagged as “Do not process”.

Opt out here:

Cookie Policy - Brain Nordic

Last updated: 2021-10-25

This cookie policy explains how Digital Brain Nordic AB uses cookies and similar technologies to recognize when you visit our website, use our services or visit websites that belong to our customers. It also explains how we use cookies to deliver our services to our customers and how they might be used by them. It explains the technology, why we use them and your right to control them.

We are a member of IAB Sweden, IAB is an interest organization that works with online marketing in Sweden. They are a network of highly skilled individuals that focus on providing transparency and spreading knowledge in the industry. Please read more here: https://iabsverige.se/

What is Cookies?

A cookie is a small file that contains a string of letters and numbers that is sent to your computer when you visit a website, interact with it or maybe view an ad. This cookie is used to recognise your browser if/when you visit the website again. A Cookie may store your preferences or other information.

Cookies provide a simpler and more seamless experience of the Internet, saves you time or customises your experience of websites. For example a Cookie can remember your settings for a website, so that you do not have to submit the same information again or remembers you so that you don’t have to login again.

Cookies that are set by a website owner (in this case Brain) is called “1st party cookies”. Cookies that are set by other than the website owner on a page view on the website is called 3rd party cookies.

3rd party cookies allows third party services and content to be supplied by the website (like advertising, analytics and content). These 3rd party cookies can be recognised by these suppliers both when you visit a specific website and sometimes also on other websites

Why do we use cookies?

We use both 1st and 3rd party cookies for multiple purposes. Some cookies are necessary for technical reasons so that our domains and services will work correctly. These cookies we classify as “Necessary”.

Other cookies allows us to follow and log specific attributes or behaviour for users online in order to improve our services, the experience of our website and our services to our customers. We may use them to better understand how you use our and our customers website(s) and services. 3rd party cookies may also be used for marketing, content and analytics purposes. These purposes are described below.

What type of cookie, why and how do we use them?

Below are the description of the first and third party cookies set by Brain and why:

_cfduid
Content delivery optimisation used by CDN (more info)
Type: 3rd party
Expiration: 1 year
Purpose: Performance
Domain: cloudfront.net
buid
This is a 3rd party random identifier used by Brain to distinguish user’s browsers
Type: 3rd party
Expiration: 1 year
Purpose: Necessary
Domain: dep-x.com
dep
This is a 1st party random identifier used by Brain to distinguish anonymous user’s browsers.
Type: 1st party
Expiration: 1 year
Purpose: Necessary
Domain: local domain

Necessary cookies: These cookies are necessary for us to provide our services to you and our customers. For instance in order to access protected or restricted parts of our platforms and services.

Performance or functionality cookies: These cookies are used to improve performance of our websites or services but not absolutely necessary, however some parts of our websites or services may be inaccessible without them.

Analytics or personalisation cookies: These cookies gather information that is used either in aggregated form in order to understand users online on our domains or on our clients domains in order for us to analyse your visits or personalise the website experience for you.

Marketing cookies: These cookies are used to target you with advertising. These cookies can be used in order to prevent serving the same ad to you again and again, ensure the ads are displayed correctly, adapt the ad content based on the preferences or information connected to the cookie. Brain does not place marketing cookies in your browser from our domains, but we may drop 3rd party cookies from marketing platforms through our integrations on a website.

Social media cookies: These cookies allows you the possibility to share pages and content that you may find as interesting on our domains, in our services and applications, through 3rd party social networks and other websites. These cookies may also be used for marketing and advertising purposes.

How can I control cookies?

You have the right to decide to accept or deny cookies to be placed in your browser. There is nothing that says that you have to accept cookies, but there may be consequences by denying cookies.

In order to know if you accept cookies or not we need to place a cookie in your browser, so this gets a bit contradictory. Instead we allow you to “opt out” (deselect) from us using the cookies we placed in your browser. This means that even if we place a cookie in your browser it will be withheld from being processed in our systems and any data connected to the cookie will not be shared or distributed within or outside of our systems.

This you can do it at the top of the page.

If you don’t want us to place a cookie at all you can change your settings in your browser to not accept cookies. If you choose to do so you can still use our websites and services, but some parts may be blocked for usage. Exactly how you block cookies varies from browser to browser, please investigate this or contact your browser provider to find out how to do this.

Also, most ad networks, marketing platforms and ad-tech providers allows you to opt out from targeted advertising. If you want to know more about this you can visit: http://www.youronlinechoices.eu/. But please keep in mind that this will not prevent you from seeing ads, it just means that they will not be tailored to you.

Do you supply targeted advertising?

3rd party suppliers may set cookies in your browser in order to target you with advertising through our domains our customers domains. These companies may use information about your visit in order to make content and ads more relevant for you. We place similar cookies in your browser in order to add information to the cookie and better analyze your visits. This information may be shared to 3rd party services that will target you with content or advertising, but the cookies set on domains controlled by us is not used for ad serving. If you do not want us to share the information we have, that is connected to your cookie, you may opt out. 3rd party provider and Brain may use cookies to measure the effectiveness in advertising. This technology does not allow us to gather or process personal information, unless you provide it yourself.

Where can I get more information?

If you have any questions about how we use cookies you can e-mail the questions to: dpo@brainnordic.com.

The date at the top show when this cookie policy was last updated.

Privacy Policy - Brain Nordic

Updated: 2023-01-20

We at Brain (Digital Brain Nordic AB) are dedicated to protect your integrity. This Privacy Policy applies to both our websites, our services and our Online applications that are owned and controlled by Brain.

This privacy policy is applied on how we handle data, both in terms of how we process and use data. It describes also your choices in terms of usage, access and correction of your personal information. If you do not accept the usage described in this privacy policy you should not use our websites, services or applications.

We update this policy periodically. These updates you can find here. And even if we try to keep you updated on any changes to this policy we encourage you to stay updated by reviewing this policy once in a while. You will always find the latest version here.

If you have any questions to us in regard to this privacy policy or how we manage and maintain your personal information you are welcome to contact us. E-mail us at: dpo@brainnordic.com or send a letter to: Digital Brain Nordic AB, Kungsportsavenyen 21, 41136 Göteborg, Att: DPO.

1. The Use of Service, by Brain or our Customers

Subscription services

Our service allows for the company that use it (our customers or ourselves) to analyze consumers based on geographical information, cookie information and browser information.

The service also allows companies to target marketing, commercial content or editorial content to their customers in own and operated channels (owned domains, news letters, mobile messages, direct marketing, etc.) or in bought channels (digital marketing, printed marketing, searches, social media, etc.).

We provide this service to our customers so that they can better understand their customers, their needs and wishes, increase sales and find new customers based on insights about their existing customers. We use the services in a similar fashion to meet our business needs.

Use by Brain

We use the services in order to create audiences that can be used for targeting content Online. We also use our services to create consumer analytics for our customers. The information we create and use for marketing purposes belong to us and is used in the fashion described in this privacy policy.

Use by our Customers

Our customers use our services to create consumer analytics, analyze site traffic and target different types of commercial content. Brain does not control what information our customers choose to send into our services or how the results of our services is used by our customers. This information belongs to our customers and is used, shared and protected in accordance with their privacy polices, and that usage is outside of this privacy policys privy.

We process our customers information in accordance with their instructions to us and in accordance with the service agreement that we have with them. We store the information on our service providers servers, but we do not control our customers data collection or management. Our agreements with our customers prevents us from using this information for other purposes than delivering our services, in accordance with this privacy policy or in accordance with what is required by law. We continuously work with data minimization, to only hold the information necessary to deliver our services. We only hold personally identifiable information (PII) in the case where it is required to deliver our services to our customer, or if our customers expressly ask us to store information in clear text. In all other cases we work with different layers of pseudonymization (one way encryption of information) and anonymization (information that can not be linked to an individual).

We do not have any direct relation to the individuals that provide their PII to our customers. We do however recognize your right to have access to your personal information. Our customers control the information and thereby it is they who are responsible for correcting, deleting or updating information that they have gathered, analyzed or processed, through our services. If we are requested to delete data we will respond in a timely fashion and in accordance with current legal requirements. It may happen that we cooperate with our customers to inform their clients about data processing, collection and use. Our agreements with our customers prevents them from using the service to collect, store or process sensitive information. We are not responsible for our customers use of the information created by or throgh the services we provide. If you wish to check, give or withdraw consent for data processing we ask you to contact the customer that the processing concerns. In some cases we might transfer information to companies that help us deliver our services. Transfer to third parties is covered by the service agreements we have with our customers.

“Sensitive information”

This is information such as: payment information, personal bank information, address information, personal identification numbers, drivers license numbers, passport numbers or other information that identifies an individual, as well as ethnical information, health records, religious views, employment records, finance or health information.

2. Information we collect

When you visit a website

You may visit a website that use our services without providing any personal information about yourself. We may request information about you when you visit a domain or register for a service, this information about you, in combination with browser data, app-data or geographical information may be collected and processed in that case.

Through our services to our customers we will collect various data such as but not limited to: browser data and settings (language, browser version, browser type, header referrer, page data), device information (pixel ratio, mobile detection), browser plugins (blocked 3rd party cookies, user agent, version, local storage), performance information (load time, collect time, pixel load time, domain lookup time, connect time) as well as other custom data points on the request of our customers.

”Personal Identifiable Information – PII”

This is information that you voluntarily give up to us or one of our customers that identifies you as an individual, including contact information, such as your name, e-mail, company, company address, home address, phone number or other information about you or the company you work for.

PII may also be information about transactions, both free or paid, that you activate through a domain or a service, and information that can be available about you through services such as Facebook, Linkedin, Twitter or Google, or public information about you that can be obtained through 3rd party suppliers.

PII can also be geographical information and payment information that can identify you as an individual. Geographical information is information that can be linked to your computer and your visits to domains or services, such as your IP-address, geographical position, browser type, URL, time stamps and pages that have been visited. Payment information can include information about payment method, credit card numbers and purchase information. Besides this we do not collect, store or process any information about you.

Log files

When you use domains or services that have our systems integrated we automatically collect information about your computers hardware and software. This information may include IP-address, browser type, domain name, ISP, what files you have seen on the domain (HTML-pages, images, etc.), operation system, click-stream data, time stamps and referring web pages. This information is used by Brain to supply our service, to maintain the quality of service, and deliver statistics for the use of our or our customers web sites and domains. For these purposes we automatically link to PII information, if you or our customers have provided such.

Information we collect through 3rd party

We may collect information about you from 3rd party sources, including partners that we provide services with or do marketing efforts with, and through public sources of data such as social media websites.

Information about underaged

Our website and services is not designed for children under the age of 18, and we do not knowingly collect data about person we know are under 18. If you think we might have collected data about a minor please contact us: dpo@brainnordic.com.

3. How do we use the information we collect

Application of our Privacy Policy

We only use the information we collect in accordance with the privacy policy. Customers that use our services are by our terms of service obligated to also abide by this privacy policy.

We do not sell your personal information

We never sell personal information (PII) to third parties.

Use of Personal Information

Besides usage that is specified in other parts of this privacy policy, we may use your personal information to:

Improve your experience of online through personalization of websites and applications;
Send information to you with content we believe may be relevant for you, by mail, e-mail or by other ways of marketing.
Market our services and share marketing and information in accordance with your preferences;
Provide other companies with statistical information about you, but only in forms that does not allow for you to be identified as an individual;
Send information to you about changes to our terms of service, integrity policy, cookie policy or other legal documents;
To meet legal requirements from government authorities, local or national, or other parties authorized to make such demands.
We may contact you on the behest of 3rd parties, but in that case we will not transfer personal information to that 3rd party.
We use the information collected for the following purposes:

In order to provide the service as a whole and prevent or obstruct security- and tech problems.
To respond to yours and others support questions and issues.
To fulfill our obligations to you under our service agreement.

Legal grounds for processing personal information (visitors and customers within the EU)

If you are a visitor or customer within the European Union economic area, Digital Brain Nordic is Data Controller for the data you directly submit to us as a legal entity. You can contact our Data Protection Officer here: dpo@brainnordic.com.

Our legal ground for collecting, processing and use above mentioned personal information depends the personal information and what context we collect it in.

But normally we will only collect and process information when we have your consent to do so, when we need your personal information to fulfill a contractual obligation with you or where the processing is in our legitimate interest and does not violate your personal integrity, your rights concerning personal information, your basic rights and freedoms. In certain cases we may have obligations to collect information about you.

If we ask for personal information according to legal requirements or in order to fulfill a contract with you, we will do so by clearly explaining what information that is mandatory and which is not, as well as the consequences of not giving the information. If we collect and process personal information about you under legitimate interest, or a legitimate interest for third party, we will make this clear to you.

In the cases where we deliver our services to our customers and process personal information on behalf of our customers Brain acts in the capacity of data processor to our customers. And in these cases it is our customers that are data controllers and thereby also responsible for establishing legal ground for the purposes for which they use our services. We always deliver our services to our customers under a data processing agreement.

Legal grounds for processing personal information under contractual obligations

As a tech and data provider we enter into contract with Customers such as advertisers and publishers who are data controllers in regards to the registered/data subjects in the digital domains they operate and control. Under such a contract we act as data processors and have always entered into a data processing agreement with the Customer as a part of the contract.

In such cases the Customer act as data controller and is responsible for establishing legal grounds for the data processing that we do as a part of our contractual obligations to the Customer. We always ensure that the Customer is fully informed as to what data we collect and how we store and process them, so that they may correctly communicate this to the registered/data subjects.

As the Customer is in full control over how we are integrated in their digital domains they can at any time remove, amend or adjust the integration and stop passing information to our systems, if they so chose to.

Use of geographical information

We use geographical information in order to manage and improve our domains and applications, and to improve our services. We may use geographical information alone or in combination with personal information in order to provide a personalized experience of our domains and services.

Customer reviews and comments

We may publish customer reviews and comments in our digital channels and marketing materials (website, applications, social media, sales documents, etc.) that may contain personal information. We obtain consent for this prior to publication.

Use of payment information

If you share your payment details with us (bank account, credit card number, etc.) we will only use this in order to investigate your financial status and charge you for our services. We allow third party services to manage these payments. This service provider is not allowed to store your information for other purposes than processing your payments on our behalf.

Security

We apply a wide variety of security measures and technologies in order to protect your personal information from unauthorized access or processing. We secure the protection by storing the information on servers in protected environments, protected from unauthorized access. All personal information is protected through suitable physical, technical and organizational measurements.

Social media and third-party suppliers

Our domains and applications may use applications and social media services that is run on our domains and in our applications. These services and functions may collect your IP-address, what page you visit and may set a cookie in order for the functions to work correctly. These services and functions are managed by a third party and this privacy policy does not apply to these services and functions. Your interactions with these services and functions are done under each providers privacy policy.

External sites

We may link to external websites. We do not control or are neither responsible for the content on those websites. Just because we link to them does not mean that we endorse, market or agree on the content of those websites, what their owners communicate or how they work.

Storage of personal information

How long we store the information we collect about you depends on the type of information; this is described below. We will erase, anonymize and if that is not possible, store your information securely and block usage of it until it can be erased.

We store your personal information that you have shared with us as long as there is consent or a legitimate interest to do so. As an example we will store your contact information as long as it is necessary in order to communicate with you concerning our services. Or to uphold legal requirements, manage disagreements or uphold our agreements with you.

When there no longer is a business need nor a legitimate interest to store your personal information we will erase, anonymize and if that is not possible, store your information securely and block usage of it until it can be erased. We can erase this information prior to this if you request it or remove your consent.

4. How do we share the information we collect

Service providers

We use external service providers that supply our visitors and customers with services. We may need to share information with them in order for them to supply you with their information, products and services.

The following 3rd parties might be involved in providing our services to our customers: Amazon AWS, Sentry, Github, Heroku, InsightOne Nordic.

Brain Partners

We may share the data and information with our partners that may contact you based on a request from you. This may be a service or add-on products that you request. We may also share information with partners for the following purposes: analytics, support, data enrichment or marketing. These partners may not share your personal information for other purposes than those specified.

Business events

If we, or the assets we control were to be bought by another company, through merger, acquisition, bankruptcy or similar event, that company will acquire access to all information that we gathered through our domains and services. In that case you will be notified of this, through e-mail or a clear notification in our service or on our website. We will then communicate the change of ownership of your personal information we collected and the option you have due to this event.

Required sharing of information

We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.

5. International transfer of information

International transfer of information within Brain or our subsidiaries

Our business is today based in Sweden and we store all information within the EU, specifically at Amazon Web Services on Ireland. We allow access to information from countries outside of the EU in order to maintain our business and services for the purposes defined in this privacy policy.

This privacy policy will be in effect no matter if we transfer your information to other countries or not. We enforce suitable security measures in order to protect your personal information.

6. Cookies and similar techniques

Cookies

Brain and our partners use cookies and similar technologies to analyze and administrate our domains and services. We track user behavior through cookies in our domains and through our services to our customers, as well as for the purpose of enriching cookies with information from third parties. If you want to know more about how we use cookies please read more above.

Geographical information that is used by our customers and visitors

Our customers may use tools and services that we provide, as well as tools and services from third parties, to collect geographical information when you visit their domains. We do not control how they use this information.

Tracking technologies from third parties

There are tracking technologies taht are provided by third parties in order to remember settings, preferences and usage such as Adobe Flash Player, but these do not necessarily use cookies but other techniques instead. These techniques can also be used to track you online.

Tracking of your behavior online by third party is not covered by this privacy policy.

Marketing

We are partners with third party ad networks and ad platforms that use cookies and enriched data to target advertising to our customers and visitors or through other websites. This targeting of advertising is based on interests or geographical information, if you do not wish information about you to be used for these purposes you may “opt out” from this i.e. choose for us to not use the cookies we placed in your browser for marketing purposes. You can do so above at the top of the page or visit: http://www.youronlinechoices.eu/. Please note that this does not mean that you will not see any ads, it just means that they will not be tailored to you.

How can you access and manage your personal information?

You have the following rights in term of your personal information:

You may request access to-, correction of- or deletion of- your personal information.
You may object to the processing of your personal information, ask us to limit the processing or request access to your personal information.
If we have gathered and processed your personal information with your consent you are able to withdraw that consent at any time. If you withdraw consent does not change the legality of any processing done prior to withdrawing consent. It will also not affect any processing that is done with other legal ground than consent.
You have the right to question the processing of personal information that we do, in that case you should contact the data protection authorities in the country where you are a resident.

In order to exercise these right please contact us by e-mail: dpo@brainnordic.com or by postal services: Digital Brain Nordic AB, Kungsportsavenyen 21 c/o Convendum, 41136 Göteborg, Sverige, Att: DPO. We will respond to your request in reasonable time and in accordance with at the time relevant legislation.

Contact

Personuppgiftsansvarig (Data Protection Officer – DPO)

Martin Bergqvist – dpo@brainnordic.com

Digital Brain Nordic AB

Kungsportsavenyen 21, 411 36 Göteborg Sverige

Data Processing by Brain Nordic Services

Background

Brainis a 1st party data service for publishers and advertisers that aim to personalize the user experience on the domains with a more personal and relevant experience both in terms of editorial content and advertising. BRAIN.MEDIA provides a secure way of doing this by relying on 1st party data and cookies. This means that the data processed and shared with the users remain in the control of the publisher to whom they granted their permission to process and store their data.

This information should be communicated by our customers to the users and visitors so that they are properly informed about the processing done by our service.

Data that is processed by us

The following data may be processed by our service:

Browser settings information, such as but not limited to: language setting, browser type, browser version, local storage, cookie storage
Browsing history information, such as but not limited to: URLs visited, time stamp, local storage, cookie storage
User login information (only when it is actively pushed by the customer to the BRAIN.MEDIA service through our secure API), such as but not limited to: e-mail, phone number, name, address, year of birth, gender.

Purpose of the processing

The purpose of the processing is to create user audiences/segments/cohorts that are as accurate as possible and linked to the website or publisher network that the users visits so that the user experience can be tailored to their specific interests, life phase or online behaviour. This will make it possible to serve more relevant content, both editorial and commercial.

Correctness and accuracy

Our goal is to provide as accurate and correct information as possible, for the sake of our customers but also for the sake of the Internet users. We operate with both probabilistic models and deterministic models to apply information. It is up to our customers (the publishers) what information they want to leverage and what level of exactness they wish to attain. Depending on what information is pushed to the service it sets the limit as to the accuracy possible for the service.

Legal ground

As our customers, the publishers, are data controllers we act as data processors, legal ground is established by the data controllers. We recommend that our customers properly evaluate their legal ground, with poper legal advice, and to the extent possible rely on consent as their legal ground for processing data through our service.

Data that is stored by us

The following information may be stored by our service:

Random Brain Cookie ID, 1st & 3rd party
Cookie-matched IDs (the IDs that are matched to other platforms), 1st & 3rd party
One-way encrypted personal identifiers: name, address, e-mail, phone number
Attributes linked to the IDs, such as but not limited to: Life phase, household composition, tenancy, car ownership, online interests.

Data exported by us

The following information may be transfered outside of the service, but always in alignment with the data processing agreement we have with our customers:

Grouped cookie-matched IDs (the IDs that are matched to other platforms), 1st & 3rd party
Audience/segment/cohort description linked to the above mentioned grouped IDs
On-page attributes (audience attributes exposed in real time on the page for other systems to respond to with content) without any IDs (ID-free export)

Privacy by design

At the core of the BRAIN.MEDIA 1st party data service is the protection of the integrity of Internet users. When the service was first designed we decided that we should not hold any personal information in clear text. This means that Internet users can feel safe in that we do not hold any information that can identify them, unless they provide the information anew.

In practice this means that if a publisher uses our service that leverage login data into audiences the publisher needs to provide the user information again in order for our service to find the user. This means we do not hold any Personally Identifiable Information that could let us identify the user on our own.

The public IDs exposed in the browsers are random in nature, no matter what data processing has been done the ID set in a user browser is randomly generated. Giving an additional layer of protection for the users integrity.

As the service is based on 1st Party Data the users, IDs and audiences become directly linked to the domain that the users visits, the domain the user grants permission to and the domain owner that have the agreement with Us. This makes our service more secure and significantly decreases the risk of user data being used outside of the context of where the permission was granted.

Sub-processing limiting

Avoiding exposure of aggregated data and not passing multiple data variables to sub-processors is another way of creating privacy by design. Because it is in the connection of different data points that users may be identified. By limiting the data passed to any given sub-processor to the absolute minimum necessary, as well as removing user identifiers from the processing, we are able to avoid this. This means using different providers for different parts of the data processing, so that no single sub-processor will have enough information to identify a user.

The following information may be processed by Brain Nordic in relations to the services we provide:

Browser information - information available upon a page view on any customer domain that have integrated to Brain Nordic services:
- Browser settings
  - Language
  - Cookie settings
  - Plugins
- Device settings
  - Screen resolution
  - Local storage settings
- Connection information
  - Connection type
  - Connection speed
  - IP-address
- Browser URL
  - URL-definition
  - URL content
  - URL events
Storing of information on user devices - what cookies or other identifiers do we set in a visitors browser:
- Cookies or IDs:
  - 1st party cookies - local domain
  - 3rd party cookies - dep-x.com
  - Custom cookies for custom purposes, on demand from Customers only
Data processing - what processing of information do we do:
- Connecting browser cookies/IDs to URLs visited
- Connecting browser cookies/IDs to geographical information (zip codes) with time stamps
- Exporting 3rd party matched cookies/IDs to other platforms for advertising purposes
- Exposing content categories upon page view in real time for advertising or content purposes

TCF-framework - Brain Nordic is a registered Vendor

As a member of IAB Sweden and with a background in the Swedish publishing industry, personal integrity and privacy has always been at the forefront of Brain Nordics mindset when delivering and building our services.

Ranging from built-in “Privacy By Design” features that does not allow for us to store any personal information in cleartext, to cookie-free methods of delivering personalised experiences in publisher domains.

We actively strive to maintain the highest privacy standards when handling, collecting and storing personal data as well as enabling stakeholders to be GDPR compliant. Brain Nordics is registered with the Swedish data protection authority, Datainspektionen, and at all times strives to conform with their regulations.

In addition to that, we work closely together with our customers to ensure that they are compliant when collecting and handling personal data. We actively provide assistance and guidance on how to achieve GDPR compliance, as well as providing advice on practical steps to take in order to ensure maximum safety for user information.

Furthermore, Brain Nordics provides a secure platform with built-in features such as encryption at rest, two-factor authentication and certified secure services. This ensures that stored user data is protected from unauthorised access, and helps our customers to minimise the risk of any security breaches.

We believe in a privacy-by-design approach and continuously work on developing and improving our products to ensure that customer information remains safe with us. Our team consists of experienced developers who are passionate about data security and privacy, and our policies are also regularly reviewed to ensure that they comply with all applicable laws.

Attestation of the TCF

TCF is one of our top priorities and we have taken various steps to stay compliant. We have implemented measures to ensure that user data is processed in accordance with the GDPR, as well as other international laws such as the California Consumer Privacy Act (CCPA). All customer data stored on Brain Nordics is protected by 256-bit encryption and securely transmitted via secure protocols such as HTTPS. We employ rigorous internal security practices to ensure the safety of all customer data and regularly conduct audits and tests to maintain our compliance with TCF.

We are committed to providing a safe and secure environment for our users, and that is why we have implemented the Transparency & Consent Framework (TCF). Through TCF, Brain Nordics gives you control over your own data, allowing you to make informed decisions about what data is collected and how it is used. We also obtain your consent before any of your personal information is shared with third-parties for marketing purposes.

We take data privacy very seriously at Brain Nordics, and we are fully committed to ensuring that our customers' data remains secure and protected. As part of this commitment, we have implemented the strictest industry standards for data protection and security. We use state-of-the-art encryption technologies to ensure this.

We also provide detailed documentation on our website about how we store and process customer data, so that you can make informed decisions about how your personal information is handled. Additionally, we regularly conduct audits and tests to validate our data protection measures and ensure that customer data is protected.

Finally, we will never sell or rent your personal information to any third-party companies without your explicit consent. We will also obtain your consent before any of your personal information is shared with third-parties for marketing purposes. If you have any questions about our privacy and security policies, please contact us directly.

As we are not in control of the domains that we process on behalf of our customers it is the publisher or advertisers that establish legal ground for the processing of data, but we require our customers to have a CMP in place or have active plans to implement such a platform in order for them to be eligeble for our services.

We also allow users to opt out from processing of their data through an opt out service provided by us above.