Advertising Services Privacy Policy
Last updated: June 2, 2025
ABOUT US
Our Corporate Details
The company Onfocus SAS whose headquarters are located at 450 Rue Baden Powell, 34000 Montpellier, FRANCE is represented by Mr Anh-Tuan GAI in his capacity as President and cofounder of the company. Onfocus SAS operates under the trade name Adagio.
Scope of this Policy
This Advertising Services Privacy Policy (“Policy”) applies to personal data Adagio processes with its Services. It does not apply to personal data Adagio uses in a business-to-business capacity, such as when you visit our corporate website, receive marketing communications from us, or utilize any dashboards or internal tools we make available to our business users. Our privacy practices as to that information can be found here.
We are headquartered in France but have operations around the world. This Policy applies globally, including for residents of the European Economic Area, the United Kingdom, or Switzerland, where personal data is subject to the GDPR.
Our Business
The Adagio advertising technology services (the “Services”) connect sellers who offer advertising inventory on websites, mobile applications, or other digital properties (collectively “Publishers”) with buyers of that inventory. As an independent, Publisher-focused Supply Side Platform (“SSP”), Adagio’s solutions help Publishers of all sizes monetize their digital properties and maximize the value of their advertising inventory. Our Services enable Publishers to instantaneously connect with buyers of their choice to sell their inventory through real-time bidding (“RTB”). Publishers can also select our server-side header bidding solution which allows multiple buyers to simultaneously bid on the Publisher’s inventory, enabling the winning Publisher to maximize revenue because of the competition.
Our Ethos
Adagio attaches great importance to our use of personal data in operating our Services. In order to provide you with clear and easily accessible information, this Policy describes how we collect, use, and disclose personal data, and the choices or rights you may have with respect to our processing of your personal data.
Adagio participates in the Global Privacy Protocol, a technical solution developed by the Interactive Advertising Bureau (“IAB”) designed to streamline the transmission of consumer choice signals across digital advertising participants. In Europe, Onfocus (Adagio) participates in the IAB’s Transparency & Consent Framework (“TCF”) and complies with its specifications and policies as required by the French Data Protection Authority (CNIL). Adagio’s identification number as a vendor within TCF is #617.
Our Role
Most of the time, Adagio acts as an independent data controller in operating its Services. In certain data processing scenarios, Adagio and its customers or other participants in the digital advertising ecosystem may act as joint controllers, provided this has no effect on your ability to exercise your privacy choices with Adagio as set forth below. In certain other data processing scenarios, Adagio acts as a data processor based on the instructions of its customers. When we are in this role, our customers decide how and why your personal data should be used. You can find this information in their privacy policies.
Our Data Protection Officer
Adagio has appointed a data protection officer (our “DPO”) who is responsible for ensuring Adagio complies with all regulations in force in terms of data protection and privacy. Should you have any questions related to this Policy, please contact our DPO by email at dpo@adagio.io or by postal mail at our registered office address indicated above.
TABLE OF CONTENTS
- WHAT DATA DO WE COLLECT?
- HOW DO WE COLLECT YOUR DATA?
- HOW DO WE USE YOUR DATA?
- OUR TCF PURPOSES AND LEGAL BASES
- OUR LEGITIMATE INTERESTS
- HOW LONG DO WE STORE YOUR DATA?
- HOW DO WE SHARE YOUR DATA?
- INTERNATIONAL DATA TRANSFERS
- AUTOMATED DECISIONS
- WHAT ARE YOUR DATA PROTECTION RIGHTS?
- HOW DO WE SECURE YOUR DATA?
- CHANGES TO THIS PRIVACY POLICY
1. WHAT DATA DO WE COLLECT?
In operating our Services, we collect certain information about you (a “User”) that is collected automated from your device, generally through cookies and similar tracking technology, as further described in Section 2 below. We do not knowingly process personal data that could directly identify you, such as your name, email, address, phone number, or other offline information. However, the information is considered personal data under applicable laws in certain jurisdictions, including the European Economic Area and the United Kingdom.
Personal data generally means any data that identifies or that can be linked to an individual, including pseudonymous personal data which is data that cannot reasonably be linked or attributed to you without the use of additional information. For example, an email address might be altered into a unique code or identifier. Some data, like cookies or other tracking data, is already pseudonymous at the point of collection because it doesn’t directly include your name or contact details but can still be linked back to you when combined with other information.
Adagio collects the following categories of personal data in our databases:
| IP addresses | Your IP address is a number assigned by your Internet Service Provider to any Internet connection. It is not always specific to your device and is not always a stable identifier. |
| Device characteristics | Technical characteristics about the device you are using that are not unique to you, such as the language, time zone, or operating system. |
| Device identifiers | A device identifier is a unique string of characters assigned to your device or browser by means of a cookie or other storage technologies. It may be created or access to recognize your device, e.g. across web pages from the same site or across multiple sites or apps. |
| Probablistic identifiers | A probabilistic identifier can be created by combining characteristics associated with your device (the type of browser or operating system used) and the IP address of the Internet connection. If you give your agreement, additional characteristics (e.g. the installed font or screen resolution) can also be combined to improve precision of the probabilistic identifier. Such an identifier is considered “probabilistic” because several devices can share the same characteristics and Internet connection. It may be used to recognize your device across web pages from the same site or across multiple sites or apps. |
| Browsing and interaction data | Your online activity such as the websites you visit, apps you are using, the content you search for, or your interactions with content or ads, such as the number of times you have seen specific content or a specific ad or whether you clicked on it. |
| Non-precise location data | This is an approximation of your location, expressed under the TCF as an area with a radius of at least 500 metres. Your approximate location can be deduced from the IP address of your connection. |
| User profiles | Certain characteristics (e.g. your possible interests, your purchase intentions, your consumer profile) may be inferred or modelled from your previous online activity (e.g. the content you viewed or the service you used, your time spent on various online content and services). |
| Privacy choices | Information about your privacy choices regarding the processing of your personal data which we receive from our Publishers through their CMPs or otherwise through the GPP or TCF frameworks. |
2. HOW DO WE COLLECT YOUR DATA?
The Adagio Services facilitate real-time bidding for our Publisher customers, an automated process that enables sellers and buyers of advertising inventory to evaluate opportunities and respond with prices where the winning bidder is able to instantaneously place its advertising by automated means. Bid opportunities in the ecosystem generally rely on the sharing of information that constitutes personal data, such as User IDs.
Adagio receives personal data from our Publishers who are responsible for their Consent Management Platform (“CMP”) settings to provide notice and choice to Users regarding the Publisher’s disclosure of personal data to Adagio.
In the digital advertising sector, Publishers use our Services to better monetize their advertising spaces. In that context, there are exclusive deals between the Publishers and technical providers such as Adagio even on an identified inventory in specific agreements such as the private deals. As required by French law, we maintain an up-to-date internal register of all Publishers with whom we have active agreements. While the list of Adagio Publishers changes regularly due to the media selling business structure, you can request further information by submitting a request to privacy@adagio.io or through our Privacy Center.
To operate our Services Adagio matches our User IDs (created when our technology identifies a User without a cookie in our system) with the proprietary User IDs of other RTB participants, including other Supply Side Platforms, Ad Exchanges, and Demand Side Platforms. This involves Adagio receiving access to these other User IDs, including through cookie syncs, and setting up mapping tables to associate Adagio’s identifiers with those of its partners and customers.
3. HOW DO WE USE YOUR DATA?
Adagio markets technological solutions for attention trading based on proprietary tools to predict the exposure of advertising spaces and how long each advertising impression will be viewable. These innovative solutions have, in particular, the benefits of optimizing the monetization of Publishers' advertising spaces.
In that context the data is used for the following purposes:
- to perform Adagio Services for Publishers;
- to improve the Adagio technology;
- to perform in advertising and predict the attention on an ad.
Our purposes of processing as a data controller are set forth in more detail in Section 4 below.
Adagio is authorized to perform on behalf of Publishers all processing necessary to execute the Services. In certain circumstances we may act as data processor of Publishers. For example, Adagio may receive access to, but does not store, authentication-based identifiers. These are identifiers created from data such as contact details associated with online accounts you have created on websites or apps. To exercise your privacy rights with respect to such data, please contact the Publishers where you hold your accounts.
4. OUR TCF PURPOSES AND LEGAL BASES
Adagio processes personal data for the following purposes and lawful bases in accordance with Article 6 of the GDPR. Where both consent and legitimate interests are indicated below, we process your personal data by default on the basis of our legitimate interests only where such processing does not require consent under applicable law. Our Publishers may obtain your consent for these purposes through their CMP settings, in which case we will process the personal data based on your consent.
| Purpose | Lawful Basis | Description |
|---|---|---|
| Store and/or access information on a device | Consent | Most purposes explained in this notice rely on storing or accessing information from your device when you use an app or visit a website. This information may be cookies, device, or similar online identifiers (e.g. randomly assigned identifiers, network based identifiers) together with other information such as browser type and information, language, screen size, supported technologies etc. The information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. |
| Use limited data to select advertising | Consent or Legitimate Interests | Publishers may share limited data with Adagio, such as the website or app you are using, your non-precise location, your device type or which content you are (or have been) interacting with (for example, to limit the number of times an ad is presented to you). Adagio uses this limited data to help publishers offer their advertising inventory for purchase. |
| Create profiles for personalised advertising | Consent | Information about your visits to websites or applications across various devices (such as the content you look at) can be stored and combined with other information we receive about you from other websites or apps. We may match this information across your devices and digital activities and may also make inferences about you based on our information of similar users. This is then used to build or improve a profile about you that might include your possible interests. |
| Use profiles to select personalised advertising | Consent | Adagio uses information from advertising profiles to help publishers improve the value of their advertising inventory so buyers can present advertising to you that appears more relevant based on your possible interests. |
| Measure advertising performance | Consent or Legitimate Interests | Information regarding which advertising is presented to you and how you interact with it can be used to determine how well an advert has worked for you or other users and whether the goals of the advertising were reached. For instance, whether you saw an ad, whether you clicked on it, whether it led you to buy a product or visit a website, etc. This is very helpful to understand the relevance of advertising campaigns. |
| Measure content performance | Consent or Legitimate Interests | Information regarding which (non-advertising) content is presented to you and how you interact with it can be used to make advertising predictions such as whether an advert is likely to be visible on the screen. Examples of non-advertising content include whether you read an article, watch a video, listen to a podcast or look at a product description, how long you spent on an application or on web pages you visit etc. This is very helpful to understand the relevance of (non-advertising) content that is shown to you. |
| Develop and improve services | Legitimate Interests | Information about your activity on this service, such as your interaction with ads or content, can be very helpful to improve products and services and to build new products and services based on user interactions, the type of audience, etc. This specific purpose does not include the development or improvement of user profiles and identifiers. |
| Ensure security, prevent and detect fraud, and fix errors | Legitimate Interests | Your data can be used to monitor for and prevent unusual and possibly fraudulent activity (for example, regarding ad clicks by bots), and ensure systems and processes work properly and securely. It can also be used to correct any problems you, the publisher or the advertiser may encounter in the delivery of content and ads and in your interaction with them. |
| Deliver and present advertising and content | Legitimate Interests | Certain information (like an IP address or device capabilities) is used to ensure the technical compatibility of the content or advertising, and to facilitate the transmission of the content or ad to your device. |
| Save and communicate privacy choices | Legitimate Interests | The privacy choices you make when you visit websites and applications such as consenting to the use of profiles for personalized advertising or not consenting are saved and made available to us in the form of digital signals (such as a string of characters). This enables us to respect your choices. |
5. OUR LEGITIMATE INTERESTS
Adagio relies on the legal basis of our legitimate interests (Article 6(1)(f) GDPR) in processing personal data for certain purposes identified above, except where such interests are overridden by your fundamental rights and freedoms which require protection of personal data. For each of these purposes, Adagio has conducted a detailed legitimate interest assessment (LIA) to specifically identify our legitimate interests and has carried out a balancing test to confirm that the fundamental rights and freedoms of the individual do not override our legitimate interests in using personal data for these purposes.
Your Right to Object
Where we are relying on our legitimate interests as a legal basis for processing, individuals in the EU/EEA/UK have the right to object to our processing of their personal data at any time by contacting us at privacy@adagio.io. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal data for the establishment, exercise or defence of legal claims. Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
6. HOW LONG DO WE STORE YOUR DATA?
We retain personal data only for the duration necessary to fulfill the purposes for which it was collected, or as long as we have an ongoing legitimate business need to use the data to provide our Services or we have a legal or compliance reason to do so.
Cookie data in our databases is retained for a maximum period of 60 days from the time of initial collection unless you exercise your right to opt-out. We retain personal data for measurement purposes and to ensure technical compatibility for 60 days, after which it is deleted. Anonymized data, which is not personal data, may be retained for up to 18 months.
If we receive an opt-out request from you or if you withdraw your consent, we will delete your personal data connected to your cookie ID as soon as technically feasible and within the timeframes required by applicable laws. Your opt-out is specific to your opted-out browser or device where we have placed an opt-out cookie. Adagio may also process mobile advertising identifiers specific to your device. To opt-out of our use of your mobile advertising identifier, you have the right to reset or modify these identifiers through your device settings at any time.
7. HOW DO WE SHARE YOUR DATA?
Below are the categories of recipients we share your information with.
- Our Publisher customers, for example, to report on the performance of an ad and to help our customers understand how often they are serving an advert to the same individual and to help them optimize the campaigns.
- Participants of the advertising ecosystem such as advertising exchanges, data management platforms, demand side platforms, supply side platforms, publishers, and advertisers, to be able to participate in RTB activities and enable the delivery of personalized advertising and associated activities.
- Our processors that assist us in providing our Services, such as hosting providers.
- Corporate third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stocks (including in connection with any bankruptcy or similar proceedings).
- As we believe necessary and appropriate: (a) under applicable law; (b) to comply with legal processes and obligations; (c) to respond to requests from competent public and governmental authorities, subject to appropriate safeguards for international transfers; (d) to enforce our terms and conditions; (e) to protect our legitimate business operations; (f) to protect our rights, privacy, safety or property when we have a legitimate interest that is not overridden by your fundamental rights and freedoms; and (g) to establish, exercise, or defend legal claims.
8. INTERNATIONAL DATA TRANSFERS
In order to provide our Services, your personal data may be transferred to our clients, partners, or service providers.
We process personal data of individuals in the European Union (EU), European Economic Area (EEA), and United Kingdom (UK) using servers located in Belgium and the Netherlands. For transfers outside the EU/EEA/UK, we ensure compliance with GDPR Article 46 through: (i) transfers to countries with EU Commission adequacy decisions (a list of these countries and the respective adequacy decisions is available at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en), (ii) implementation of other appropriate safeguards under the GDPR, including standard contractual clauses and/or supplementary measures including transfer risk assessments. These mechanisms ensure equivalent data protection standards to those in the EU/EEA/UK.
We apply similar appropriate and suitable safeguards to other jurisdictions that require similar protections. You have the right to ask us for more information about the safeguards we have in place. Please contact us at privacy@adagio.io if you would like further information (which we may redact to ensure confidentiality).
9. AUTOMATED DECISIONS
Adagio engages in automated processing of personal data, which may include profiling as defined under Article 4(4) of the GDPR and other applicable laws. Adagio does not, however, carry out profiling that produces legal or similarly significant effects or automated decision-making as defined under the GDPR (Art. 22 GDPR). You have the right to object to profiling activities at any time through our Privacy Center.
10. WHAT ARE YOUR DATA PROTECTION RIGHTS?
Opt-Out or Withdraw Your Consent.
Regardless of where you are located, we offer all individuals a right to opt-out of our databases if you do not want your online activity to be used for any of the purposes described in this Policy.
In situations where we rely on consent to process your personal data, you may withdraw your consent at any time. Please be aware that withdrawing your consent does not affect the lawfulness of the processing of your personal data based on consent before its withdrawal.
Please visit our Privacy Center to opt-out or withdraw your consent.
Your Privacy Rights.
Depending on where you reside, you may have different legal rights with respect to your personal data and how we may process it. In accordance with the applicable regulations, you may exercise your rights of access, deletion, objection, rectification, portability, or restriction. Please visit our Privacy Center to submit a request.
If you make a privacy rights request, we will respond to your request without undue delay and in any event within one month of receipt of the request. This period may be extended by two additional months where necessary, taking into account the complexity and number of requests, in accordance with Article 12(3) of the GDPR or as otherwise permitted by applicable law. We will inform you of any such extension, together with the reasons for the delay.
Please note that while Adagio primarily identifies users through cookies deployed in your web browser and does not typically store directly identifiable information such as names or email addresses, we are required to verify your identity in accordance with reasonable measures when processing your rights requests. Therefore, while we strongly recommend using our Privacy Center for the most efficient processing of your requests, you may also submit requests via email to privacy@adagio.io, though additional steps may be required. Additionally, if you use several devices or web browsers, you may need to repeat your request for each access point. Your right to erasure may be limited if we are required to maintain personal data due to a legal obligation to which we are subject or for the establishment, exercise or defence of legal claims.
Right to lodge a complaint.
You can file a complaint with the relevant supervisory authority on the basis of your rights, in particular the Member State of your residence if you are located in the EU/EEA. A list of the European data protection authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. Adagio's lead supervisory authority under Article 56 of the GDPR is the Commission Nationale de l'Informatique et des Libertés (CNIL) in France. However, we respectfully request that you contact us first at privacy@adagio.io.
11. HOW DO WE SECURE YOUR DATA?
Adagio implements necessary security measures to protect your information from unauthorized access, damage, disclosure or destruction of the data we have collected. Indeed, Adagio places particular importance on the security of personal data by implementing appropriate technical and organisational measures in accordance with Article 32 of the GDPR and Article 121 of the French Data Protection Act, including encryption, pseudonymization, and regular security assessments to protect against unlawful processing or communication to unauthorized persons. However, please note that no method of transmitting or storing information is completely secure.
12. CHANGES TO THIS PRIVACY POLICY
Adagio may change or update this Policy at any time. Any changes or updates we may make will be posted on this website. If we make material changes to this Policy, we will notify you through prominent notice on our website and, where you have an account with us or have provided your contact information, through direct communication at least 30 days before such changes take effect.
Prior versions:
- August 27th, 2024