Caroda s. r. o., Id. No.: 05296072 is a company incorporated under the laws of the Czech Republic with its registered office at Na Pankráci 1618/30, Nusle, 140 00 Praha 4, Czech Republic (“Caroda”)
Caroda is in the following lines of business, each of which has its own privacy policy:
This Privacy Statement covers only the data processed by Caroda in connection with AdTech.
Caroda provides a programmatic advertising technology platform focused on video advertising. Caroda platform enables our customers, who are mostly publishers, to
At Caroda we do our best to protect user's privacy and as such, we have a strict policy on what information is processed and for what reason. We're a registered IAB TCF Vendor.
In the provision of AdTech services, Caroda, by design, does not require and therefore does not process any personal data within the meaning of GDPR.
We process certain information about data subjects as set out below. By design, we do not process any information about data subjects that would fall within the definition of personal data under GDPR, as the data subjects are not identifiable based on the data we collect. We don’t aggregate any user-associated profiles whether, anonymous or non-anonymous.
3.2.1. Data processed
Caroda platform selects ads to be displayed based on user’s:
a) Operating system;
b) Browser type and its configuration;
c) Country;
d) Language of site;
e) Page urls where ads are delivered.
3.2.2. Purpose
We believe it beneficial to the person viewing the ad that they understand the language of the ad, the ad is relevant to where they are located, and that the ad is relevant to their interests as judged by the content of the site they are viewing. The same is very important for advertisers as these factors heavily impact the effectiveness of any ad. Knowing the exact browser type and operating system is crucial to understand if a creative can be delivered correctly and to prevent advertisers loses due to technical reasons.
3.2.3. Technical means
All campaign targeting information is exposed on runtime for every separate ad placement. This allows our software to perform the ad selection process on the user’s browser rather than our servers. We store campaign history on the browser side by using local storage in order to be able to enforce capping by user impressions.
3.3.1. Data Processed
Caroda processes the following user data to measure ad performance.
a) Device Type;
b) Country;
c) User interaction with advertising creatives.
3.3.2. Purpose
It is crucial for both publishers and advertisers to understand the geographical distribution and preferred user experience for the ad opportunities. This allows them to plan advertising creatives that work well based on past data.
The user data is combined with our advertising player tracking, allowing to clearly differentiate different types of behaviors for both different countries and different device types (desktop, mobile, tablet).Our advertising player tracking includes all of the IAB VAST event types described under the VAST4 standard and custom indicators for opportunities, advertising delivery, viewability and unique impressions.
3.3.3. Technical means
All ad performance related data is collected through a typical ad tracking endpoint, that takes parameters specified in 3.3.1. from the url of the requests. The requests are crafted at runtime.
A list of previously viewed campaigns is stored in local storage. This allows us to conditionally trigger unique impression counting without requiring a profile, anonymous or non-anonymous, to be sent.
3.4.1. Data Processed
To ensure security, prevent fraud and debug, Caroda collects to following user data:
a) A small sample of detailed advertising player logs stored on the user’s browser;
b) Results of browser feature tests to detect bots and fake traffic.
3.4.2. Purpose
Part of our company's mission and one of our main differentiating factors is to ensure video advertising creatives are displayed in an as reliable way as possible; above market standards.
One of the challenges of building a software that runs on millions of devices is that sometimes, rare incidents happen where we can not replicate problems that happen in the real world. In order to deal with this, we collect detailed run logs, containing no personally identifiable information, from a small percentage of the users. This information often is enough to do a blind fix of a reported issue, even when it’s not possible for us to replicate a reported issue.
In addition to this, we also need to be able to discriminate against fake traffic to protect our advertisers from overspending and publishers from lowering inventory valuation.
3.4.3. Technical means
A detailed log is stored on the user’s side by using the IndexedDB feature. The log can be explicitly saved by a console command when debugging specific issues. A small percentage of all run logs are centrally collected on our side in order to debug widespread rare issues.
We test for bots are done by both positive and negative tests by trying to run code supposedly incompatible with what a bot could do, and tests incompatible with a normal browser would do. The results are stored as part of the previously mentioned logs.
All previously mentioned purposes are in part about technically delivering ads. No additional data is processed other than what is mentioned at 3.2, 3.3 and 3.4.
We take privacy very seriously at Caroda and for that reason we always use the least intrusive way we can use to solve any of our data problems. All of the mentioned data above is the least intrusive way we know of in order to accomplish the mentioned purposes.
All of the data processing in relation to the mentioned purposes at 3.2, 3.3, 3.4 and 3.5 are essential to our business model and the data process only narrows vague groups to which any user belongs. Based on our legitimate interest analysis, we believe that the legitimate interests described in the mentioned purposes greatly outweighs the small cost of having very vague data collected about an individual.
By design, Caroda is a platform enabling our customers to use other advertising software products, such as SSPs, DSPs, ad servers, banner scripts, etc. We don't share any of the collected information with any of the integrated sources or any other party other than the publisher.
We however, don’t assume responsibility on how other advertising solutions are used by integrating them through our platform. In order to read more about any specific SSP integrated through our platform, please visit their website or contact them directly.
We are not a controller of your personal data as we do not process any. If you feel that we do, you can contact us regarding a suspected use of personal data at:
Registered office: Na Pankráci 1618/30, Nusle, 140 00 Praha 4, Czech Republic
Phone: +420 728 458 583
E-mail: privacy@caroda.io
ID of the government mandated address for official electronic communication (in Czech: “datová schránka”): ffkzik6
If you believe we are processing your personal data and doing so incorrectly, you can contact us or lodge a complaint with the supervisory authority, which is the Czech Office for Personal Data Protection.
You can always ask us to
You can only request access to your personal data. If you want to apply for the exercise of someone else's right, you must have a power of attorney from them. You can submit this request in any way, including e-mail. However, the authorized employee is obliged to verify your identity, so he / she may ask you to prove your identity.
We will usually inform you about the measures taken in response to your request within one month. However, in some complex cases, we may extend the deadline.This request and its processing are free of charge. However, in justified cases, we may demand reimbursement of certain costs (e.g. the price of a portable disk, on which you are provided with a list of all personal data that we process about you).
The current privacy statement is subject to change. We do take responsibility to correctly display the date of enforcement and also to inform all of our customers of any changes to this statement.
This version of this Privacy Statement was issued as at 09 September 2024.