Privacy

Privacy and the protection of personal data of individuals are important topics in today’s society. Aqua Platform has taken great care to design a technical platform and a set of operating procedures to ensure we can live up to the expectations of our clients and the requirements of the relevant legislation and regulations.

Our commitment to privacy

Aqua PlatformAqua Platform is a hosting provider. That means we take care of any and all technical aspects for our clients when it comes to hosting their systems. More specifically, we specialize in hosting the free, open source Revive Adserver software.

Contrary to so many other vendors in the ad tech industry, our business model does not rely on collecting, processing, analysing, storing, or selling personal data about users of the internet. Instead, our guiding principle has been Privacy by Default.

We create value by operating servers and networking as efficiently as possible, while still maintaining a high level of service for our clients, and by enabling our clients to use the software hosted on these facilities to run their advertising businesses. We do not get involved in the business of our clients, other than providing technical support for the software.

Our technical platform, meaning servers and networking facilities, have been designed to need as little personal data as possible. For example, in order for the staff members of our clients to be able to log in on their accounts, we provide usernames and store their e-mail addresses so we can send password reset emails, but we do not collect any other personal data about them. Simply, because we have no need for those.

 

About Aqua Platform

Who we are

Aqua PlatformAqua Platform is a company in The Netherlands. We’ve been in business since January 2015. Our website address is: https://www.aquaplatform.com. More information about us can be found on our Company Details page on this website.

Is this page for me?

Here are some guidelines to determine if this page has information relevant for you.

I'm a member of the public

As a member of the general public, you are more than welcome to continue reading this page, but please keep in mind that we are unable to help you with your questions about your privacy, or the protection of your personal data. We do not collect, process or move your personal data, or at least we do not control those activities.

If you’re concerned about how another business deals with your rights with regard to your personal data, you should contact that business directly, even if you have reason to believe that the business is a client at Aqua Platform.

I'm a client at Aqua Platform

As a client of Aqua Platform, we hope you can benefit from the information we’ve put together on the page below, so that you can better fulfil your own obligations with regard to privacy, the processing of personal data, and data protection in general. And of course: thanks for being our client, we very much value your business!

I'm considering to join Aqua Platform as a client

As part of your research before signing up as our newest client, it could be beneficial to study the information below describing how Aqua Platform treats personal data, and how we’ve implemented our commitment to privacy and data protection. And of course, if you like what you see, then please feel free to sign up and join a long list of loyal clients.

GDPR – General Data Protection Regulations

If you work in the digital advertising industry, you must have heard about GDPR by now. So a very brief introduction should be sufficient. Here are a few questions you might have:

What is GDPR?

GDPR is an acronym for “General Data Protection Regulations”, which is a law that was adopted by the European Parliament in the autumn of 2015 and which came into force on May 25, 2016. There was a 24 month implementation period, and as a result the enforcement of GDPR commences on May 25, 2018.

GDPR oversees the collection, processing, and movement, of personal data about individuals residing in one of the 28 EU states and 4 other European states that also adopted these regulations.

Where does GDPR apply?

Companies and organisations that operate in the area governed by GDPR will have to be compliant with the regulations, even when they are based outside of the EU, if the Data subject involved is an individual who resides in the EU.

Can't we just ignore GDPR?

Every business, anywhere in the world, that has activities involving citizens of or individuals residing in the EU, must comply with the requirements of GDPR.

What are the penalties for non-compliance?

Not complying with the regulation can result in administrative fines of 4% of Gross Global Revenue of the organisation found to be in violation, or 20 Million Euro, whichever of the two is greater.

Should we seek legal advice?

GDPR is an extremely complicated set of rules, and it is actually much more a legal matter than a technical matter. Aqua Platform is not qualified to provide legal advice, so this page should be considered to be simply informative. We recommend that you consult with a lawyer or a qualified expert in order to be fully compliant with GDPR.

What is a Data Controller and a Data Processor?

GDPR introduces three important roles, which affect the rights and responsibilities an entity has. The three roles are:

  • Data Subject: a natural person from whom data is available and who should be able to determine how their data will be collected, stored, and/or moved;
  • Data Controller: a legal or natural person controlling the processing of personal data belonging to a Data Subject;
  • Data Processor: a legal or natural person performing the processing of personal data belonging to a Data Subject;

Instead of trying to go into the details of what a Data Controller and a Data Processor is and how it is determined whether you are the former, the latter, or both, we recommend having a look at the article by Sagara Gunathunga on All you need to know about GDPR Controllers and Processors.

I want to learn about GDPR, where can I go?

Here are a few resources to learn more about GDPR:

The Roles of Aqua Platform

In light of the various roles defined above, we as Aqua Platform conduct them as follows:

Data controller, Data Processor, or both?

For the most part, Aqua Platform is not a Data Controller, with one exception.
Aqua Platform is a Data Processor.
Please continue reading for a more detailed explanation.

Aqua Platform as a Data controller

For the most part, we are not a Data Controller. Our clients, the publishers and other businesses for whom we provide our services, should be considered the Data Controller. In accordance with GDPR, these Data Controllers give us their instructions on Data Processing, while first ensuring that they have obtained the consent of any Data Subjects they engage with. It is the responsibility of these Data Controllers to be compliant with GDPR or other regulations. In some cases, our clients are not in direct contact with Data Subjects, instead they perform an intermediate role for their own clients, who are in direct contact with them. There is one exception: when it comes to our own website and other ways of interacting with clients, potential clients, and others who are interested in our services and our business, we process a certain amount of personal data. For example, to be able to send an invoice to a client, we need to first store and later use their name, e-mail address, business name, address and so on. In that kind of capacity, Aqua Platform is both a Data Controller and a Data Processor (more on that role below).

Aqua Platform as a Data processor

Aqua Platform can be considered a Data Processor, and for the most part that’s our only role. Our clients, or their clients, perform the role of Data Controller. Since they engage with Data Subjects, in this case people visiting their websites or using their apps for example, it is their role and responsibility to provide information about the intended use of Personal data, and to get consent from such Data subjects for doing so. Since GDPR applies to any business, by default, it is the position of Aqua Platform, that our clients and their clients must be in compliance, and therefor, we do not have to perform any of the Controller roles in such cases.

Revive Adserver hosting

Aqua Platform is a specialist technical services provider for the free, open source Revive Adserver software. With regard to privacy and compliance with data protection regulations, we hope the following information is useful for our clients.

What is Revive Adserver?

Revive Adserver is a free, open source ad serving system. The Revive Adserver project is the successor of several earlier open source projects, and has been in development by the Revive Adserver project team since 2013.

How does Revive Adserver treat personal data?

The Revive Adserver project website has a page dedicated entirely to privacy, an explanation to how it relates to GDPR, and a detailed description of how the Revive Adserver handles personal data. Our clients are recommended to study this information carefully, to incorporate the relevant parts in disclosures about the use of personal data, so that a user of the internet who interacts with an ad server system hosted by Aqua Platform can make an informed decision about giving consent if necessary.

How does Aqua Platform perform Revive Adserver hosting with regard to personal data?

At Aqua Platform, we use the Revive Adserver software without any modifications. As such, the treatment of personal data by the software is exactly as described on the Revive Adserver website. We have added a few plugins to improve and scale up the functionality for the collection of delivery statistics, but these have been designed and developed to function identically to the built-in functionality.

Processing of Personal data by Aqua Platform

As a business, it can not be avoided that we process a certain amount of personal data. Our guiding principle in such cases is always: Privacy by Default.

Does Aqua Platform process any personal data of internet users?

Essentially: No, we don’t. We’ve designed, built and configured our platform for Privacy by Default. This means that we started from a position that we do not collect and store any personal data, or anything that anyone could possibly consider to be personal data.

As an example: the servers we use to deliver the ads for our hosting customers do not have any log files enabled. When an ad request arrives on the platform, it obviously comes with an IP address from the requestor. The ad server could use that IP address for geolocation, but the ad server does not log the IP address. The web server software underneath uses the IP address in order to be able to send the response back to the requester, but it does not log the web server event either. The reason is that we do not need these log files, which are traditionally being used for things like website statistics or performance measurement. Essentially, our servers process and then immediately forget any personal data they might see.

There are just a few exceptions, when it comes to interacting with organisations and individuals with whom we have a direct business relationship. This is detailed in the next block.

Does Aqua Platform process personal data about clients?

Yes, we do. As a business, we need to be able to communicate with our clients. They need ways to contact us, and we need to be able to respond to them, and to initiate our own communications towards them. And in order to do that, we need to collect and store a limited set of personal data about the individuals representing our clients.

But, as noted before, the concept of Privacy by Default was essential here as well.

As an example: to be able to send our customers their monthly invoices, we need to collect and store their names and e-mail addresses. Fiscal legislation also dictates that we store and use their business names, postal addresses and in some cases tax registration numbers. As a matter of fact, tax authorities dictate that we keep a record of every financial transaction and the associated personal data (if any), for at least 7 years. We’re not even allowed to delete any of those.

However, dictated by Privacy by Default, we never collect any personal data that we do not absolutely need.

Does Aqua Platform use cookies?

Yes, we do, but we make a point of not processing any personal data in cookies.

We use Google Analytics to count how many visits and pageviews we get on our website, and which pages are being viewed. To comply with GDPR, we’ve enabled the anonymizeIP setting in Google Analytics, so no personal data is ever collected, let alone shared with Google.

Disclaimer

GDPR is an extremely complicated set of rules, and it is actually much more a legal matter than a technical matter. The Aqua Platform team is not qualified to provide legal advice, so this page should be considered to be simply informative when it talks about how others should comply with GDPR. We recommend that you consult with a lawyer or a qualified expert in order to be fully compliant with GDPR yourself.

Any remaining questions or concerns?

If you feel that something is unclear or missing with regard to how we handle privacy, please feel free to contact us.

Our customers can contact their assigned account manager or just open a ticket using the regular channels for support.

If you’re a member of the public, please consider using the form presented here to contact us.

Privacy note: any personal data you submit through this form will only be used to send you the response to your question(s). If you prefer to have your personal data removed afterwards, you can let us know and we will of course comply with that request.

Is Privacy by Default what you need?