Business Model
Anixe.Net is cooperating with TV broadcasters to offer two main services:
- Reach & activity measurement of TV consumption of the broadcaster operated channels (only on SmartTV sets, connected to the internet with activated HbbTV services).
- Delivery of graphical or video advertising on top of the linear TV signal.
Anixe.Net is cooperating with advertisers to offer two main services:
- Delivery of graphical or video advertisements on the aggregated channels of Anixe.Net’s broadcaster partners.
- Targeting & selling digital advertising on web & mobile devices, which can be associated with a TV set with digital advertisements related on TV viewing information of the TV set (household targeting).
General Workflow
- When a TV set (HbbTV activated & connected to the internet) is switching the broadcaster channel which is cooperating with Anixe.Net, the broadcasting signal contains a URL, which is triggering the TV set to load an application from a Anixe.Net server.
- The application allows Anixe.Net to steer the delivery of advertising (by triggering the adrequest with the process described above). The application also triggers a signal, when the user switches in or away from the channel and every two minutes a heartbeat signal, as long as the channel is switched on.
- Broadcasters can send the eligible time frames, in which anixe.net is allowed to deliver advertisements, via an API to Anixe.Net.
- After an anonymization process anixe.net is storing the times a TV set has been switched in to a channel and merges this information with the EPG information of the broadcasters. This enables Anixe.Net to select & target anonymized TV devices based on viewing behavior.
Purpose of Data Collection – why do we collect personal data?
The usage of audience data is to one part technically mandatory to achieve a good advertising experience for you as a website visitor, but it also supports the efficient usage of marketing budgets by advertisers.
Hence, not only publishers but also advertisers have a commercial interest in online marketing supported by audience targeting algorithms.
Storing anonymous identifiers
Anonymous identifiers are stored by your browser in cookies which are small files created in a specific directory on your device.
Cookies are usually created automatically, but you can adjust the behaviour and even delete your cookies manually if needed.
Usage of anonymous identifiers
Data collection for steering the displaying of advertisements to website visitors, app users or
TV viewers
The most important purpose of using anonymous identifiers is to be able to control and count the amount of advertising which is shown to the users on their web, mobile and TV devices.
We use identifiers for:
- Controlling the frequency of how often the user is seeing the same advertisement (frequency capping)
- Counting impressions, clicks and viewing completion rates of advertisements
- Counting the unique number of users / devices who have seen a certain advertisement within a certain frequency
- Being able to prefer users in advertising delivery who are likely to interact or fully view an advertisement
- Being able to prefer users for ad display who seem to belong to a certain age range or gender based on websites these user prefer. Goal is to show more relevant advertisements.
What you can see from all those purposes of data collection, is that you as a user benefit from it, especially by not being bothered by the same advertisement dozens of times or seeing irrelevant ads, e.g seeing an ad for diapers while being a silver haired single. This is directly contributing to a positive internet usage experience for you.
Being able to count impressions, clicks and to measure ad consumptions are important functionalities for advertisers as well. They are paying publishers for every ad they show and need to have reliable numbers for this. Also advertisers need to understand how users are interacting with their creatives, because also advertisers want to present entertaining advertisements which are able to gain the user’s attention.
Are anonymous identifiers really ensuring anonymity of your data?
Yes, there is practically no way, we could find out who you are by looking at the anonymous user ID. It would require us to have physical and software access to all devices which have been in contact with Anixe.Net ads and to identify who is owning and using them. Then we would need to read the device IDs stored on all of them to finally find out, which one of those is yours. We hope you agree, that this is practically impossible. That is also the reason, why you should be skeptical, when cookies are demonized in the public discussion about online marketing. If cookies are used in a responsible manner, there is absolutely no privacy risk attached to it for the end user.
However, there is an Achilles heel in the game, which is the IP address, from which your device is calling the ads from our servers. The IP address is required in any internet communication and therefore transferred in adrequests to our systems. Since IP addresses of users normally are provided by ISPs or telecommunication companies to you, it would be possible to use the IP address to find out who you are. To do so, we would still need to force the ISP company by legal means to disclose your name to us.
However this scenario is much more likely than Anixe.Net employees breaking into millions of houses. Therefore the IP address needs to be treated with special care to make sure, you anonymity is safely protected. How we make use of IP addresses and what we do to protect your anonymity is described in the next section.
Usage of the IP address
As described above the IP address is transferred to the Anixe.Net systems in the moment where an advertisement is requested from a user device. anixe.net is using the IP addresses for four different purposes:
Resolving the geographic location from the user’s device
Some advertisers are selling their products only in certain countries regions or cities. For this
reason advertisers want to avoid, that advertisements are shown in regions, where their products are not sold, because this would be a waste of money. The IP address can be used to roughly determine the geographic location of a user. By this users can be targeted on country, state and (with limited accuracy) also on a city level/postal code level. For this purpose Anixe.Net resolves the IP address to a geographic location by using an external geographical database. The IP address is also forwarded to sub-processor and buying partners for this purpose.
Fraud Detection
Unfortunately, advertising fraud has become a serious problem in online marketing. Ad fraud usually means, that advertisements are displayed on artificial websites, where impressions are artificially generated and not by real human beings. The damage from fraudulent advertising is serious and estimated to be in the range of hundreds of million USD per year. To detect such fraudulent sites, the IP address plays a vital role. Botnets, which are inducing ad fraud are usually working with a limited range of IP addresses.
For this reason IP addresses are so important for fraud prevention.
Also buying partners and anixe.net sub-processors are relying on the IP address for fraud detection.
How do we make sure that data remains anonymous when using IP addresses?
The potential vulnerability of user privacy by processing the IP address has been addressed early on by Anixe.Net. We have built several layers of protection to make sure, that anonymity is granted for users, who are getting in contact with Anixe.Net advertisements.
- Protection Layer 1: IP address anonymization service
Anixe.Net has separated the processing of the IP address for geographic location and device
matching from the ad delivery system. I.e. before the IP address reaches Anixe.Net’s core system,
where data is stored, it is shortened and hashed by an anonymization service. This service only
determines the geographic information. Afterwards the service truncates and encrypts the IP
address, before it is passed on to the anixe.net core system. The original address is not stored
and dropped after the encryption. By this the only information stored on Anixe.Net servers cannot
be restored anymore to the original IP address. Hence, the only piece of information, which could
be used to identify you as a real world person is irreversibly destroyed. - Protection Layer 2: Grouping of IP addresses before matching devices
Since building connections between devices is nothing a user would naturally expect to happen, when surfing the internet or watching smart TV, Anixe.Net has put specific attention on the full anonymization of any device matching. Again the IP address is is the critical data point. Since the IP address is used to do the matching, it would be relatively easy to assign a household to real world persons and to conclude on their interests and behaviors. Therefore Anixe.Net has built in a safety mechanism, which completely prevents that.
Again the mechanism is quite simple – we are not matching devices based on single IP addresses, but
only based on groups of five IP addresses at the same time. - Protection Layer 3: Minimizing the usage of the remaining data
For building these cross device profile we are again minimizing the usage of your data. We are also
only matching devices around TV sets and do NOT try to find out if e.g. a mobile and a PC are connected without the reference to a TV set. I.e. if we are building TV usage profiles like described above, we are only building them for a group of devices, as a whole, but not for you individually. By this we are making the collected information even more fuzzy, which again prevents, that anybody could conclude on you as an individual from our data. You again remain completely anonymous.
Legal Base for Processing User Data
Cookie Opt in / Opt Out in accordance with the national implementation of the ePrivacy Regulation of 2008 (Directive 95/46/EC)
Cookies set by websites or apps from publishers or broadcasters who are working with Anixe.Net
The ePrivacy Regulation from 2008 determined the currently valid regulations for the usage of cookies for online marketing. This regulation has been implemented differently within the countries belonging to the European Union.
Some countries are still considering an opt out possibility to be sufficient, while in many countries so-called “Cookie banners” or “Cookie walls” have become the market standard for the usage of cookies. Although with the new GDPR many privacy regulations have been changed, the current ePrivacy guidelines remain valid legislation. Therefore, you should still see cookie walls or being offered opt out opportunities when surfing the web.
For most of the data Anixe.Net is handling, Anixe.Net is acting as a processor, i.e. the data is sent to Anixe.Net from websites, apps or smart TVs which are operated by other companies (referred to as “publishers” in the following). Anixe.net is only processing data from these companies if a valid data processing agreement is in place, which also foresees the obligation of the publisher to only send data to Anixe.Net, for which the publisher has requested a cookie opt in or opt out possibility, in accordance with the regulations and practices in your country.
Cookies which are set on TV devices are based on the permission to set them obtained by the broadcaster directly from you. This is usually the case when you are using so-called “red button applications” on your smart TV. Usually you are invited to use them, when you are switching to a broadcast station, which is offering these services. They should point you to the terms and conditions and their privacy statement, when using them. Usually here you will find all informations where and why cookies are set.
Behavioral segmentation and IP address usage based on legitimate interest according to Article 6.1 lit. f GDPR
Anixe.Net is cooperating with website owners or website aggregators (“publishers”) to sell digital video advertising on the publisher’s website. For doing this anixe.net is usually receiving a certain share of the advertising revenue, which has been generated for a publisher. These activities are important pillars for publishers to refinance the production of video and website content you mostly can consume free of charge.
Anixe.Net is processing anonymous identifiers and IP addresses solely for the purposes, which have been described above. For every data point Anixe.Net is using, the relevant use cases have been defined and an assessment has been conducted if the interest of anixe.net in using that data point
is in balance with the user interest in privacy. This assessment has been discussed and audited by external privacy experts and auditors. Anixe.Net is not processing name, email addresses or sensitive data categories according to Article 6.1 lit. f GDPR. Anixe.Net is not consciously or specifically collecting data from children.
Which data is stored, where and how long?
Αnixe.Νet is storing personal data only when necessary and only as long as reasonably needed to conduct its regular business. Anixe.Net is not storing IP addresses, but only their truncated and encrypted hashes.
IP address hashes and anonymous identifiers related to advertising contacts (i.e. adrequest, bidrequest, impression and click data) are stored in log files. Log files are required for Anixe.Net’s advertising and publisher partners in cases of disputes. Log files contain the user ID, browser, date, time, website url, hashed IP address, operating system and device type on which the advertisement has been shown. If advertisers or publishers are counting deviating numbers of ad impressions, this can lead to disputes about the payments to make to or from Anixe.Net. In such cases log files are the only means of proof to validate the accuracy of Αnixe.Νet invoices or credit notes. Log files are also required to generate aggregated reports about advertising campaign delivery on websites, which are provided to Anixe.Net’s clients. In cases, where the data aggregation fails, server log files are needed to restore this information. We are storing log files for a term of 100 days. Usually reporting issues or invoice disputes are not occurring later than that period.
Anonymous identifiers and their assignment to segments are stored in a key value database and for TV analytics within specialized analytical databases. User IDs stored in cookies and the related information are deleted 30 days after the last contact. Cookies on TV devices are set for a lifetime of 1 year. We are using longer expiration periods, because we need the cookies on TV sets to manage opt in or opt out information. Cookies which are storing opt out information are set for a lifetime of 10 years. Raw data in our TV analytics database is stored for 120 Days. As written above segmentation cookies are set for campaign specific periods usually in the range of 30 to 90 days.