DataWave LTD participates in the IAB Europe Transparency & Consent Framework (TCF) and complies with its Policies and Specifications. Our IAB Europe assigned Vendor ID is 1244.

1.1 No Collection of Location or Precise Location Data

DataWave LTD does not collect, receive, infer, or process any form of location data, including GPS data, Wi-Fi or cell-tower based location, or any data capable of identifying an individual’s movements or physical whereabouts.

We do not obtain location data from third parties, data brokers, or partners.

1.2 Information We Receive in Bid Requests

When operating our Demand-Side Platform (DSP), we receive bid requests from supply partners (SSPs and ad exchanges). Each bid request may contain an IP address, user agent, device characteristics, device identifiers (where transmitted by the supply path), probabilistic identifiers, contextual information about the page or app, and a TCF Transparency & Consent (TC) String.

Pseudonymisation by hashing. Upon receipt, IP addresses and device identifiers are passed through a one-way cryptographic hash. The original values are not stored and cannot be recovered from the hash. The resulting hash remains personal data under the GDPR because it can still be used to single out the same device on subsequent bid requests; we treat it accordingly.

No third-party data inputs. We do not purchase, license, or otherwise receive audience segments, profiles, or identity data from data brokers, advertisers, or other partners. The only personal data we process is what is transmitted to us in bid requests.

We process the data described above only to the extent permitted by the TC String accompanying each bid request, and we honour withdrawal of consent and objection signals in real time.

2.1 Personalised advertising (TCF Purposes 3 and 4) — Consent

Where the user has consented through the publisher's Consent Management Platform, we use hashed identifiers and contextual signals to:

• look up whether a hashed identifier matches one we have previously observed, in order to select retargeted advertising for the same device;
• build aggregated and statistical profiles from past bid-request signals (without raw identifiers and without third-party data) and match incoming bid requests against those profiles to select personalised advertising.

Legal basis: Article 6(1)(a) GDPR – consent, as signalled in the TC String.

2.2 Basic advertising, measurement, research and service improvement (TCF Purposes 2, 7, 9, 11) — Legitimate Interests

Where the TC String permits legitimate interests and the user has not objected, we use the data above to select non-personalised ads, measure ad delivery and conversions, generate aggregated audience insights, and develop and debug our services.

Legal basis: Article 6(1)(f) GDPR – legitimate interests in operating an advertising platform, subject to user objection.

2.3 Security, fraud prevention and technical delivery (TCF Special Purposes 1 and 2)

We process data to detect invalid traffic, prevent abuse, maintain platform integrity, and ensure the technical delivery of advertising.

Legal basis: Article 6(1)(f) GDPR – legitimate interests; users cannot object to Special Purposes under the TCF.

2.4 Device characteristics (TCF Feature 3)

We may identify devices based on information transmitted automatically by the device (e.g. IP address, user agent) to support the purposes above.

2.5 No client-side storage

We do not set cookies and do not read or write information from users' devices. All processing occurs server-side on data forwarded by our supply partners.

We do not purchase, license, or receive audience segments, profiles, or identity data from data brokers, advertisers, or partners. The only personal data we process is what is transmitted to us in bid requests by SSPs and ad exchanges, in accordance with the TC String accompanying each request.

We minimise processed data by storing only hashed identifiers, collecting no location data, and preventing any form of re-identification.

Access to data is restricted, monitored, and subject to strict internal controls.

Our systems are designed to comply with GDPR principles of data minimisation, purpose limitation, and protection by design and default.

We apply industry-standard organisational and technical safeguards, including encryption in transit and at rest, secure hashing mechanisms, strict access controls, and continuous monitoring.

While no system can guarantee absolute security, we take all reasonable steps to protect the data we process.

We retain hashed identifiers only for the minimum period required to fulfil fraud prevention and attribution purposes.

Retention period: 90 days.

After 90 days, all hashed identifiers are automatically deleted from our systems.

We do not share hashed identifiers or other data with third parties in a form that could identify an individual.

We may share aggregated and anonymised statistical insights with trusted partners. These datasets contain no identifiable information and cannot be traced back to any user.

DataWave LTD is headquartered in Israel, which is recognised by the European Commission as providing an adequate level of data protection.

Where applicable, transfers of personal data from the EU or UK to Israel comply with GDPR adequacy requirements.

Under data protection laws, you may exercise rights including access, rectification, erasure, objection to processing based on legitimate interests, restriction of processing, and the right to lodge a complaint with a supervisory authority.

You may request deletion of any data associated with your hashed identifier or object to its processing at any time.

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

• United Kingdom (UK)
• European Union (EU)

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/18916586143

powered by Prighter

powered by Prighter

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date.

Continued use of our services after updates indicates your acceptance of the revised policy.

DataWave LTD

Tel Aviv, Israel

Email: c@mydatawave.com

We are committed to safeguarding your privacy and ensuring transparent, compliant handling of all data processed by our platform.