Privacy Policy EU

Services Privacy Policy of Azira SAS

Last updated: 2026 January 29^th

This policy is drafted by Azira (SAS, “Azira France”, We”). If you have any questions about this policy, including any requests to exercise your legal rights, please contact us at privacy@azira.com or write to our Data Protection Officer, Prof. Dr. Christoph Bauer, at:

• ePrivacy GmbH, Große Bleichen 21, 20354 Hamburg, Germany; or
• Azira SAS, 4 RUE AUBER 75009 PARIS, FRANCE

1. Who are we and what is the scope of this policy?

As part of the provision of Services, AZIRA FRANCE acts as one of the parties enabling the delivery of mobile and targeted advertising in connection with itsPartners.

This policy describes how we collect and use information collected from third party publishers, advertisers, data partners, and third-party ad exchanges (ConsentManagement Platforms (CMPs), Publishers, Supply-side Platforms (SSPs), Real-Time Bidders, Demand-side Platforms (DSPs), Data Management Platforms(DMPs) (“Partners”) about consumers for our mobile advertising, data intelligence analytics, data enrichment, visualization and measurement tools services (“Services”).

For certain processing operations, AZIRA France is a joint controller with some of its Partners or customers.

This joint controllership is limited solely to those stages of processing for which the purposes and essential means of processing are determined jointly by AZIRA FRANCE and its Partner or customers. For other subsequent processing operations within the framework of the Services or for its own purposes, AZIRA FRANCE remains the data controller.

This policy also explains what personal data we collect about you, how we use your personal data, who is it shared with and what rights you have in relation to the same.

Please read this policy to understand how we comply with our obligations under various privacy regulations, including the French Law No 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties and French Law No 2018-493 of 20 June 2018 on the protection of personal data and the General Data Protection Regulation (GDPR) applicable in the European Economic Area (EEA).

2. Are there any other policies I should be aware of?

• For the information on how we collect, use and share data collected on our website (https://azira.com/fr) , please see our Website Privacy Policy.
• For more information on how we use cookies (and similar technologies) please see our website at the following address Cookies Declaration Policy.

3. You use my personal data and for what purposes?

We may use your personal data for all or some of the following purposes:

• Targeted advertising services. We help our advertising and publishing customers provide more relevant advertising and content that is aligned with users' interests (“Targeting”). For example, we group users into audiences (“Targeting Segment”): sports fans, car enthusiasts, movie goers, travellers, and measure the effectiveness of campaigns. We also refine Targeting Segments to implement an additional Targeting Segment for users of social networks who have the same Mobile ID as that contained in the Targeting Segment (“Targeting Segment Bis”). In this context, AZIRA France also processes TC String data (more details below) to save and communicate users' choices regarding the use of tracking technologies for advertising purposes (“Saving and communication of privacy choices”). This processing constitutes a sub-purpose within the framework of targeting.
• Delivery of advertising services. We enable our customers to provide you with personalized ads based on your preferences and your browsing habits (“Delivery”).
• Data intelligence services and reporting. We transform the mobile advertising identifiers (MAIDs), approximate geolocation information and the other data we collect (detailed below) into actionable insights for our customers. To this end, we match MAIDs exposed to ads with data used to measure the impact of advertising campaigns, for example by analysing, on an aggregated and statistical basis, movements toward trade areas targeted by an advertisement. Thus, we provide customers with trend and statistical analyses, such as for identifying and optimizing trade areas and business locations, and for helping our customers make informed business decisions about consumer behaviour with trend and movement information. We provide actionable insights, patterns and commonalities to enable our customers to evaluate products and services they offer, such as enabling engagement with audiences and improving user experience of their apps and websites (“Reporting”).
• Improving our services, as a secondary purpose. We use your personal data to improve the way we work, improve our services (“Analytics”).
• Data security and fraud prevention. We use your personal data to implement appropriate technical and operational measures designed to prevent any unauthorized or unlawful access, use or disclosure of data, detect and prevent attempts at fraud, identity theft or misuse of services, and prevent accidental loss, alteration or destruction of personal data (‘Data security and fraud prevention’).

4. With whom do you collect and process my data?

Your personal data are processed for the for above mentioned purposes by AZIRA FRANCE as data controller.

For Targeting, AZIRA FRANCE is jointly determining the purpose and means of processing with Partners and is acting as joint controllers within the meaning of Article 26 of GDPR. More specifically, for the Saving and communication of privacy choices, AZIRA FRANCE participates in IAB Europe's Transparency & Consent Framework (TCF) to obtain appropriate consent from users. The TC String is a tool created by the IAB and used by AZIRA FRANCE as part of the TCF to collect users' consent or refusal to use tracking technologies for advertising purposes. In this context, IAB Europe, AZIRA France and its Partners are joint controllers within the meaning of Article 26 of the GDPR for the recording of user consent preferences.

For Delivery and Reporting, AZIRA FRANCE can jointly determine the purpose and means of processing with its clients acting as joint controllers within the meaning of Article 26 of GDPR.

6.What personal data do you collect?

5. Compliance with TCF

AZIRA FRANCE participates in IAB Europe's Transparency & Consent Framework (TCF) and complies with its specifications and policies. AZIRA FRANCE identification within the framework is 124.  

When you use an app or visit a website that uses advertising software placed by us or our Partners, we and our Partners may collect your mobile advertising identifier (MAID) from your device, internet protocol (IP) address, cookies, location data (including latitude data / longitude data), browser type, device type, connection type, carrier, time stamp, operating system and version, language preference, environment, SSP, your consent, the names of other mobile apps you use and how you browse the app or website.

You may ask to be provided with the essence of the arrangement between AZIRA FRANCE and the other joint controllers by contacting us at privacy@azira.com.

7. Where do you receive my personal data from?

We receive data from our Partners' apps and websites, including:

• For Targeting and Saving and communication of privacy choices: your personal data are collected via a Consent Management Platform (CMP) implemented on a publisher’s (owners and sellers of digital advertising space) website, APIs or mobile app. personal data may also be provided by AZIRA FRANCE’s Partners. We also collect data from other trusted third-party providers and publicly available sources such as social media sites, census data providers and certain public directories.
• For Delivery: your personal data is the Targeting Segment and the Targeting Segment Bis implemented by AZIRA FRANCE during the Targeting purpose.
• For Reporting: your Personal Data is the Targeting Segment, the Targeting Segment Bis but also the Personal Data provided by real-time bidders providers or other Partners concerning the performance of the delivery campaigns.
• For Analytics: your personal data corresponds to the personal data collected in the three above-mentioned purposes (Targeting, Delivery and Reporting).
• For Data security and fraud prevention: your personal data corresponds to the personal data collected for the first three purposes mentioned above (Targeting, Advertising and Reporting).

8. What lawful basis do you rely on for using my personal data?

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

‍

‍

9. What security measures does Azira France implement for your personal data?

• Where feasible, we shall encrypt your personal data where it is in transit or at rest. By default, AZIRA FRANCE database system is encrypted at rest.
• We replace MAIDs with hashed identifiers, aggregate our other data points and cluster location data so that it is pseudonymised.
• For operational purposes, location precision is reduced, and data is aggregated, along with strict retention delays.
• We retain MAIDs internally in their original form to cater to our customers' request for targeted advertising, measurement and matching. This data is stored separately from the pseudonymised data.
• We do not seek to create analytics based on sensitive personal information (for example, religion or credit worthiness).
• Data used to Targeting Segment is pseudonymised. We may assign our own "Azira ID" to replace your MAIDin our internal systems for your browser, computer or mobile device when we serve an advertisement to it or we identify it on a Partners' website or app.
• We require all our customers andPartners with whom we share user data with to comply with applicable data protection laws. We also do not permit any customers and Partners to use our services for (a) employment, credit or health care eligibility checks; (b) insurance eligibility, underwriting, or pricing services; or (c) unlawful tracking or surveillance of individuals.
• We follow a practice of “Least Privilege Access”. This principle is the practice of limiting access rights for users to the bare minimum permissions needed to perform required job functions, and thus differs from job-to-job and employee-to-employee.
• Datais filtered and removed to ensure that fraudulent data falsely attributed to data subjects is removed and that GDPR rights are observed. Data retention policies ensure that only adequate data is retained and for a limited time. Location accuracy is reduced at the end.
• Access to raw data is limited by role and business need. This data is only used in the context of building audiences for advertising, after being aggregated.
• We have executed a Data Processing Agreements (DPA) with all our data processors to ensure that they all implement sufficient technical and organizational measure and comply with the highest standards on IT security.

10. Who do you share my personal data with?

• Customers, for the provision of our Services. Where our customers need MAIDs for the purposes of serving targeted advertising, measurement and matching, we will provide MAIDs in their original form for this purpose.
• Business partners, suppliers and subcontractors for the performance of the contract we enter into with them, for example for website hosting and email delivery services, running campaigns or to perform campaigns analytics. Third parties that support us in targeted advertising include: Google Cloud, Google Workspace, Meta, SSP, Adsquare, Bidswitch, KairosFire, Okube, Happydemic, and Freewheel Comcast.
  Other companies within the Azira group may actas subcontractors and access your personal data in this context. You can find a list of these companies here.

• Regulators/ Authorities/ Enforcement Agencies if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our clients or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
• Third parties who may be involved in changes to the capital structure of our company.  In this case, you will be informed of any changes concerning your personal data.

11. Where do you store and transfer my personal data?

We store your data on our servers in France and within the EEA.

For individuals in the EEA, we may need to transfer your personal data outside of the EEA to (i) third-party processors and/or (ii) Azira group entities located outside the EEA acting as processors.

Whenever we transfer your personal information outside of the EEA, we set up appropriate safeguards to ensure an adequate level of data protection.

Some transfers may take place to countries that offer an “adequate” level of protection for personal data. Where a transfer is made to a country that is not recognized as “adequate”, we have entered into Standard Contractual Clauses approved by the European Commission and implemented the necessary supplementary measures, such as data transfer impact assessments. These mechanisms ensure that the level of protection of your personal data remains equivalent to that applicable within the EEA.

12. How long do you keep my personal data for?

• For Targeting: your Personal Data is stored as raw stored for 5 days in AZIRA FRANCE’s database then minimized and aggregated. It is then stored as aggregated data for 90 days. After the retention period define herein, raw datais definitely deleted from AZIRA FRANCE’s databases.
• For the Saving and communication of privacy choices, if the user consents, the TC String is collected and processed for a period of 6months. At the end of this period, AZIRA FRANCE permanently deletes the TCString. For Delivery: your Personal Data is stored for 180 days in AZIRA FRANCE’s database. At this level, AZIRA FRANCE stores your Personal Data after minimizing and aggregating. After the retention period define herein, your Personal Data is definitely deleted from AZIRA FRANCE’s databases.
• For Reporting: your Personal Data is stored for 180 days in AZIRA FRANCE’s database. At this level, AZIRA FRANCE stores delivery data after minimizing and aggregating to serve the Reporting purpose. After the retention period define herein, your Personal Data is definitely deleted from AZIRA FRANCE’s databases.
• For Analytics: your Personal Data is stored as raw stored for 5, 90 or 180 days depending on the level of granularity and minimization of Personal Data in AZIRA FRANCE’s database. After the retention period define herein, raw data is definitely deleted from AZIRA FRANCE’s databases.
• For Data security and fraud prevention, your personal data will be stored in AZIRA FRANCE’s database for 12 months in order to manage security threats. After the retention period defined above, we permanently delete your personal data from AZIRA FRANCE’s databases.

We will only retain your personal data for as long as we need it for the purposes it was collected, unless we are required to keep it for longer to comply with our legal, accounting or regulatory requirements.

13. Does AZIRA FRANCE collect personal data relating to children?

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, and we may use this anonymised information indefinitely without notifying you. We use this anonymised information to improve the way we work, improve our services.

You can contact us at privacy@azira.com for more information on this.

AZIRA FRANCE does not knowingly collect personal information from anyone under the age of 18 through our Services and our Services are not targeted at children.

If you are below the age of 18 years, you must not use our Services or provide any information about you to our Partners and to us.

If we are made aware that we have received personal information from someone under 18 years of age, we will use reasonable efforts to immediately delete that information from our records.

14. What are my rights under data protection law?

You have various other rights under applicable data protection laws, including the right to:

• access your personal data (also known as a “subject access request”);
• rectify incomplete or inaccurate data we hold about you;
• ask us to erase or delete the personal data we hold about you;
• ask us to restrict our handling of your personal data;
• ask us for portability of your personal data to a third party;
• object to how we are using your personal data, in particular where the processing is based on our legitimate interest;
• withdraw your consent to us handling your personal data where the processing is based on consent; and
• provide us with instructions concerning the use and disclosure of your personal data (retention, erasure, third party transfer, etc.) after your death.

You can contact us to ask about exercising your rights at any time at privacy@azira.com orby completing our webform here. Please keep in mind that privacy law is balanced with other important legal requirements, and these rights will not always be available to you all of the time.

You also have a right to lodge a complaint against a supervisory authority such as the Commission Nationale de l’Informatique et des Libertés, “CNIL” in France

We do not carry out any automated decision-making that produces legal effects or similarly significantly affects you.

15. Will there be changes to this policy?

We may update this policy from time to time and will use reasonable efforts to notify you of any significant changes. We encourage you to revisit this page for the latest information on our privacy practices.

‍