Category: Legal

Cookie Policy

This website, and any other website on which our Privacy Policy is posted (collectively, the “Verve Group Websites”), utilize cookies. We use cookies to provide, market, improve, and operate the Verve Group Websites and our services, including, without limitation, to personalize content and ads, provide social media features, and analyze our traffic. We also share information about your use of the Verve Group Websites with our social media, advertising, and analytics partners who may combine it with other information that you have provided to them or that they have collected from your use of their services. The Verve Group Websites use different types of cookies, including cookies placed by third-party service providers that appear on our pages. You can at any time change or withdraw your consent to cookies on the Verve Group Websites by using the dialog provided below. Learn more about our privacy practices on the Verve Group Websites, how we process personal data, and how you can contact us in our Privacy Policy.

California Applicant Privacy Notice

Date modified: August 1, 2023 Index California Consumer Privacy Act HR Applicant Supplement for California Residents 1. General We are pleased that you are interested in us and are applying or have applied for a position within the Verve Group. Depending on which of the Verve Group companies you are applying to, the company you are applying to is referred to as “us”, “we” or “our” in this Policy. You can see all Verve Group companies and the contact details for data subject access requests below: Verve Group Europe GmbHKarl-Liebknecht-Str. 32, 10178 Berlin, Germanymoc.evrev@ycavirp Verve Group, Inc. 350 Fifth Ave. Ste. 7700, New York, NY 10118 USAmoc.evrev@ycavirp VGI CTV, Inc.350 Fifth Ave. Ste. 7700, New York, NY 10118 USAmoc.evrev@ycavirp Dataseat Ltd.Flat 2, 33 Hyde Park Square, London, United Kingdom, W2 2NWmoc.taesatad@ycavirp Match2One ABStureplan 6, 11435 Stockholm, data.1722012857priva1722012857cy@ma1722012857tch2o1722012857ne.co1722012857mnede1722012857wS1722012857 Platform 161 B.V.Weteringschans 89, 1017 RZ Amsterdam, The Netherlandsmoc.161mroftalp@ycavirp Smaato Inc.350 Fifth Ave. Ste. 7700, New York, NY 10118 USandBarcastraße 5, 1st Floor, 22087 Hamburg, Germanymoc.otaams@ycavirp In this CCPA Applicant Privacy Notice (“Privacy Notice”), we would like to provide you with information on the processing of your personal data in connection with your application. Please note that this Privacy Notice applies to Verve Group Candidates who are California Residents (“you”) in addition to our general Privacy Policy, California Privacy Notice, and Cookie Policy for this website. This Privacy Notice describes the categories of personal information and sensitive personal information (as indicated below) we collect and the purposes for which we process that information. You, as an applicant, are responsible for ensuring that the data you submit to us is correct and true. You are under no statutory or contractual obligation to provide personal data to Verve Group during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all. Your personal data will be treated as strictly confidential. This Privacy Notice may be subject to modification from time to time, notably in the event of changes to legislation or the introduction of new laws. Any changes will be published on our website. We therefore recommend that you check this Privacy Notice regularly.How We Collect, Share, and Retain Your Data We have set out below the categories of personal information we may have collected about California residents in the preceding twelve (12) months and, for each category of personal information that may have been collected, the categories of sources from which that information may have been collected, and the categories of third parties as defined under the CCPA with whom we may have shared the personal information. Category of Personal Information We have collected such personal information from the following categories of sources: We shared such personal information with the following categories of third parties: Identifiers: e.g., real name, alias, postal address, unique personal identifier (Sensitive Personal Information), online identifier, Internet Protocol address, email address, account name, social security number, passport number, or other similar identifiers (Sensitive Personal Information). Directly from you, e.g., from forms you completed.Indirectly from you, e.g., information you authorized a third-party or service provider to provide to us.From service providers that interacted with us in connection with the services performed (e.g., background screening and verification including education, past employment, criminal background, references).From a public source (i.e., the internet or public records). Outplacement firms/career transitionPublic entities and institutions (e.g., regulatory, quasi-regulatory, tax or other authorities, law enforcement agencies, courts, arbitrational bodies, fraud prevention agencies)Professional advisors including law firms, accountants, auditors, insurers, and tax advisors. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): e.g., name, contact information, insurance policy number, education, employment, employment history, financial information, medical information, and health insurance information (Sensitive Personal Information).Some personal information included in this category may overlap with other categories. Characteristics of protected classifications under California or federal law: e.g., sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), age, race, religion (Sensitive Personal Information), national origin, disability, medical conditions and information, citizenship, immigration status and marital status; veteran or military status. Professional or employment-related information: e.g.,Employee pre-hire documents, such as job applications, resumes, background check forms and results, job interview notes, and candidate evaluation records; work history and prior employer, human resources data like performance evaluations and data necessary for benefits and related administrative services; Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99): e.g., student records. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Internet or network activity information: e.g., interactions with our website, applications, or systems. Please see our California Consumer Privacy Act Notice for California Residents, including website users, located here for more information. Geolocation data: e.g., IP address 2. We Also May Share Any of the Personal Information We Collect as Follows: Sharing for Legal Purposes: We may share personal information with third parties in order to: (a) comply with a legal process or a regulatory investigation (e.g., a subpoena or court order); (b) enforce our Terms of Service, this Privacy Notice, or other contracts with our business partners, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of us, our platform, our business partners, our agents and affiliates, its users and/or the public. We likewise may provide information to other companies and organizations (including law enforcement) for fraud protection, and spam/malware prevention, and similar purposes. Sharing In the Event of a Corporate Transaction:  We may also share personal information in the event of a corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, for purposes of due diligence connected with any such transaction or transition of service to another provider. In such cases,

EU Applicant Privacy Policy

Date modified: March 20, 2024 Index 1. General This EU Applicant Privacy Policy describes how we process personal data when you apply for a position within the Verve Group. Depending on which of the Verve Group companies you are applying to, the company you are applying to is referred to as “us”, “we” or “our” in this Policy.” You can see all Verve Group companies and the contact details for data subject access requests below: Verve Group Europe GmbHKarl-Liebknecht-Str. 32, 10178 Berlin, moc.e1722012857vrev@1722012857ycavi1722012857rpyna1722012857mreG1722012857 Verve Group, Inc. 350 Fifth Ave. Ste. 7700, New York, NY 10118 moc.e1722012857vrev@1722012857ycavi1722012857rpASU1722012857 VGI CTV, Inc.350 Fifth Ave. Ste. 7700, New York, NY 10118 moc.e1722012857vrev@1722012857ycavi1722012857rpASU1722012857 Dataseat Ltd.Flat 2, 33 Hyde Park Square, London, United Kingdom, W2 moc.t1722012857aesat1722012857ad@yc1722012857avirp1722012857WN21722012857 Match2One ABStureplan 6, 11435 Stockholm, moc.e1722012857no2hc1722012857tam@y1722012857cavir1722012857p.ata1722012857dnede1722012857wS1722012857 Platform 161 B.V.Weteringschans 89, 1017 RZ Amsterdam, The moc.1172201285761mro1722012857ftalp1722012857@ycav1722012857irpsd1722012857nalre1722012857hteN1722012857 Smaato Inc.350 Fifth Ave. Ste. 7700, New York, NY 10118 USandBarcastraße 5, 1st Floor, 22087 Hamburg, moc.o1722012857taams1722012857@ycav1722012857irpyn1722012857amreG1722012857 We are pleased that you are interested in us and are applying or have applied for a job with us. In this Applicant Privacy Policy, we would like to provide you with information on the processing of your personal data in connection with your application. As part of the application process, it is regularly necessary to forward your personal data within the Verve Group to the relevant business department or affiliated group company. The legal basis of such data processing is Art. 88 para. 1 of the EU General Data Protection Regulation (“GDPR”) in connection with § 26 para. 1 German FDPA, i.e., you provide us with personal data for the purpose of deciding whether to establish an employment relationship. Whenever we collect, process, and retain your personal data, the Verve Group company or affiliate to which you are applying for a job, or which will be your contract partner, will act as a data controller. You, as an applicant, are responsible for ensuring that the data you submit to us is correct and true. You are under no statutory or contractual obligation to provide personal data to Verve Group during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all. Your personal data will be treated as strictly confidential. This Applicant Privacy Policy may be subject to modification from time to time, notably in the event of changes to legislation or the introduction of new laws. Any changes will be published on our website. We therefore recommend that you check the Applicant Privacy Policy regularly. This Applicant Privacy Policy applies in addition to the general Privacy Policy and Cookie Policy for each Company website: Verve Group Europe, GmbH; Verve Group, Inc.; VGI CTV, Inc. & Platform161, B.V.: https://verve.com/product-privacy-policies/https://verve.com/website-privacy-policy/ DataSeat Ltd.: https://dataseat.com/privacy-policy/ Match2One AB: https://www.match2one.com/privacy-policy/https://www.match2one.com/cookie-policy/ Smaato, Inc.: https://www.smaato.com/privacy/https://www.smaato.com/cookie-policy/ 2. How Verve Group Collects, Uses, and Retains Your Data We may collect personal data from you through your online application via the Career Portal (as defined below), email, a third party such as a recruitment agency, or someone who recommended you. Applications are processed in collaboration between the Verve Group human resources department (hereinafter “HR Department”), the management, and the relevant business department of the Verve Group company which advertises the position. The responsible person of the business department concerned, the responsible manager, and the responsible person of the HR Department may belong to different legal entities within Verve Group. Therefore, it is possible that your personal data is exchanged between different legal entities within the Verve Group. Our application process includes the following processing steps: In some cases, we need to process your personal data to ensure that we are complying with our legal obligations. For example, it is mandatory to check a successful applicant’s eligibility to work in Germany before employment starts. All personal data you submit to us in the framework of your application is collected, processed, and retained by Verve Group for processing your job application. This includes evaluating your qualifications and skills, verifying the information you have provided, carrying out reference checks, communicating with you, managing the recruitment process, and deciding on the establishment of an employment relationship for which you have applied. If you give your consent or we deem this is in your interest, we may send you further job offers or invitations to surveys, e.g., an option for you to provide us with your opinion concerning the application process via a form. As a rule, no personal data will be gathered from you or processed in this form. Should you wish to remain anonymous, please ensure that you do not disclose any information in the free text field in the opinion survey that allows you to be personally identified. Verve Group offers the possibility to join a talent pool (“Talent Pool”). When your application is uploaded through our online upload function without being linked to a specific job offer, or relates to a specific offer but you have provided your consent for further processing, then Verve Group may process your personal data as follows: After completion of the application procedure whereas no employment contract was concluded your application documents will be stored for a maximum of twelve months, so that we can contact you again if necessary or respond to enquiries. After that period, your data will be anonymized. If you have registered in our Career Portal (Recruitee), your data will be stored there until you delete your profile. Should the data be necessary for legal prosecution after completion of the application procedure, data processing may be carried out based on the requirements of Art. 6 GDPR, in particular to safeguard Verve Group’s legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the exercise or defense of legal claims. When hired, your personal data will be transferred from the Career Portal to the HR administration system. Processing and storage of your personal data will then be governed by Verve Group’s internal data processing policies of which you will be

Recruitment Fraud

Phishing Scams from False Recruiters Over the last few months, “spoofing” incidents have increased across many industries. This is a type of phishing attempt where cybercriminals use messaging platforms such as WhatsApp and Telegram to pose as a recruiter from a legitimate institution. They send messages to deceive people who may be looking for a job. The goal of such spoofing frauds is to entice unsuspecting targets to provide financial or personal information or to solicit payments seemingly related to the hiring process. Verve Group takes recruitment fraud seriously and is taking steps to address it. Please note that all applications for available positions are managed through our official candidate portal at vervegroup.recruitee.com. If you are a candidate looking for a role within Verve Group, it’s important that you know the processes associated with how Verve Group and prospective candidates come together. Communication with Talent Acquisition What to expect from the hiring and recruitment process What to do if you suspect if you have been the target of a recruiting fraud

Responsible Disclosure Statement

Responsible Disclosure Statement At Verve Group, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems. Please do the following What we promise Examples of qualifying vulnerabilities The Company reserves the right to decide if the minimum severity qualification threshold is met and whether it was already reported. Examples of non-qualifying vulnerabilities Reporting the following vulnerabilities is appreciated but will not lead to systematic reward from the company:

Product Privacy Policy — Platform161 B.V.

What this policy covers This policy explains Details about the ad serving technology Platform161 offers ad serving technology which enables its clients to engage in online advertising. Our clients are all kinds of businesses engaged in online advertising: advertisers, ad networks, media agencies, and publishers. These clients buy online ad space. When ad space is sold to a client of Platform161, Platform161’s technology fulfils this transaction by delivering the ad of an advertiser (on behalf of the client) on that site. In practice, you come into contact with Platform161 when you by means of e.g. your computer, tablet or smartphone – view an ad that has been served by Platform161 on a website. The ads sent by Platform161 are sent from the domain ads.creative-serving.com and/or ads.p161.net. Introduction The ad serving technology offered by Platform161 delivers an ad on a website. The technology uses information collected from several sources to decide the best and most relevant ad to display to you. Tracking technologies used, data collected and purposes This section of the policy describes the technologies used to help deliver the most relevant ad to you:* Cookies. Cookies are small text files that are stored within a browser. Platform 161 drops cookies through every ad it serves for the following purposes:1. For Targeting and Optimisation:(a) to recognize a user ID visiting a website (user matching);(b) as part of the (targeted) ad serving process;(c) to collect information about the user’s online interaction (over multiple websites) and use that information to build user profiles;(d) to maintain a list of ads previously delivered by the technology of Platform161;(e) to remember the number of times the same ad was delivered to a user; 2. For Reporting and Attribution:(f) to collect the number of times a user clicked on an ad served by Platform161 (on behalf of a client) and(g) to track and assess the number of times a user engages in a business transaction (i.e. makes purchases) on the site of an advertiser.(h) to determine, count and attribute conversions. For example: a user clicks on an ad served by Platform161 on a website. Once on the website the ad links to, the user makes a purchase on that website. This purchase is counted by means of cookies. Platform161 uses the following types of cookies: Cookie name User matching Targeting and optimisation Reporting and attribution Information held in Cookie Persistence Expiry (days) pvc3 N N Y impression context Permanent 395 pcc3 N N Y impression context Permanent 395 trc N N Y impression context Permanent 395 ad2 N N Y impression context Permanent 395 view N N Y impression context Permanent 395 landing N N Y impression context Permanent 395 tuuid Y Y Y User ID Permanent 395 tuuid_lu N N N timestamp Permanent 395 c N N N timestamp Permanent 395 Some explanations about cookies: Next to the data that are being gathered by Platform161 through dropping our own cookies, third-party data can also be used to optimize our campaigns. These third-party data come from third-party data providers that live up to current law and industry standards.Platform161’s cookies will be stored for 13 months after being dropped on a device. * Ad tags. Platform161’s technology responds to requests from ‘ad tags’ placed on the website you are visiting. Ad tags provide Platform161 with information and enable Platform161 to determine the correct size and location of an ad. * Pixel tags. Platform161 also uses pixel tags (also known as javascript or 1×1 pixels) to drop cookies. A pixel tag is a tiny graphic or script placed on a website that is not visible to the user. These pixel tags communicate with the technology of Platform161 and enable Platform161 to recognize a user by means of its UUID, or in the event that no UUID has been assigned to a user, to drop a cookie on the user’s equipment and assign a UUID to the user. The use of pixel tags allows Platform161 to measure campaign effectiveness, to optimize campaign performance and to provide more relevant advertising. Pixel tags furthermore allow Platform161 to create and identify consumer segments and to select the appropriate ad based on the consumer segment. Transparency, Choice and Opt-In:Platform161’s technology uses cookies for ad selection in order to enhance ad effectiveness. Platform161 believes that the tracking technologies used by Platform161 and described above enhance your web experience by limiting the repetitiveness of advertising and increasing the level of relevant ads delivered to you. However, you may not want, for example, cookies to be stored on your equipment or information to be collected by using these cookies. We will therefore only drop a cookie on your computer if you have consented or opted-in for this. We also provide you with the possibility to no longer accept Platform161’s cookies. To enable our cookies please click ‘opt-out’. To opt-out or opt-in, please click on the corresponding link below:Opt-out →Opt-in → Platform161’s Technology Data Controller, Data Collected, Purpose Besides the data collected when a cookie is dropped, the Platform161 technology also collects the following possible personal data: such as the date and time of ad delivery to a user, the IP address, postal code, region and country of a user, language setting, the type of browser, operating system used and connection speed, status of a user (unknown, accepting or not accepting cookies), the web page address(es) where the ad has been delivered, and administered clicks on ads. This information helps our technology to decide the best and most relevant ad to display to a user. Platform161’s technology collects and stores aggregated ad delivery reporting data. This data is used to provide our clients with campaign reporting and used for billing purposes. A typical report includes information about the ads delivered, including the date and time of ad delivery, the websites on which the ads were shown, and statistics on user response. A report also includes statistics about browser types, date and time of ad delivery, and inferred geography. Finally, the information collected (by means of cookies and/or other

Vendor List

Vendor List Last updated on: August 1st, 2020 Verve Group Europe GmbH works with demand-side platforms, programmatic exchanges, and other sub-processors (collectively, “Vendors”), that bid on the ad inventory of our mobile application and/or website publishers (“Publishers”) through the Verve Group exchange in order to display personalized ads to such Publishers’ end-users (“End-Users”). This Partner List pertains to the Vendors that provide personalized advertising to End-Users based in the European Economic Area (EEA), Switzerland, and/or the United Kingdom (UK), which are subject to the European Union’s General Data Protection Regulation (GDPR). Verve Group Europe GmbH supports, and we encourage our Publishers and Demand Partners to support, the IAB Europe’s Transparency and Consent Framework (the “TCF”) in regard to End-Users based in the EEA, Switzerland, and/or UK that are subject to the GDPR and served personalized advertising. For more information about the TCF, please visit https://iabeurope.eu/transparency-consent-framework/. This Vendor List includes all companies registered on the TCF’s Global Vendor List, to which End-Users may be provided notice by Publishers implementing the TCF standard (“TCF Vendors”), and Verve Group Europe GmbH’s Vendors that provide personalized advertising to End-Users based in the EEA, Switzerland, and/or UK through Verve Group Services. We encourage you to review the privacy policies of our Vendors and the TCF Vendors to ensure that you understand their privacy practices in relation to the personal data they may process. Please be reminded that this Vendor List includes all TCF Vendors that have registered for inclusion in the TCF. Therefore, while End-Users may be provided notice of these TCF Vendors by Publishers implementing the TCF, Verve Group Europe GmbH may not directly work or share personal data with all of the TCF Vendors listed below. The descriptions of Purposes and Features can be found at VENDOR LIST TCF v2.0 (provided by IAB Europe). Programmatic Exchanges Vendor Name IAB TCFv2 vendor_id Privacy Policy Purposes Legitimate Interest Purposes Flexible Purposes Special Purposes Features Special Features Index Exchange Inc. 10 https://www.indexexchange.com/privacy 1, 2, 7 2, 7 1, 2 3 1 RTB House S.A. 16 https://www.rtbhouse.com/privacy-center/services-privacy-policy/ 1, 2, 3, 4, 7, 10 1 Verizon Media EMEA Limited 25 https://www.verizonmedia.com/policies/ie/en/verizonmedia/privacy/index.html 1, 3, 4, 5, 6 2, 7, 8, 9, 10 2, 7, 8, 9, 10 1, 2 1, 2, 3 1 Venatus Media Limited 26 https://www.venatusmedia.com/privacy/ 1, 2, 3, 4, 7, 8, 9, 10 3 Xandr Inc. 32 https://www.xandr.com/privacy/platform-privacy-policy/ 1, 3, 4 2, 7, 10 2, 7, 10 1, 2 2 1 RhythmOne DBA Unruly Group Ltd 36 https://www.rhythmone.com/privacy-policy 1, 2, 3, 4, 7, 8, 9, 10 1, 2 1, 2, 3 1 Taboola Europe Limited 42 https://www.taboola.com/privacy-policy 1 2, 3, 4, 5, 6, 7, 8, 10 2, 3, 4, 5, 6, 7, 8, 10 1, 2 1, 2, 3 Smart Adserver 45 https://smartadserver.com/end-user-privacy-policy/ 1, 4 2, 7 2, 7 1, 2 3 1 TRADELAB 49 https://tradelab.com/en/privacy/ 1, 2, 3, 4, 5, 6 7, 8, 9, 10 7, 8, 9, 10 1, 2 1 The Rubicon Project Inc. 52 http://www.rubiconproject.com/rubicon-project-yield-optimization-privacy-policy/ 1 2, 7, 10 2, 7, 10 1, 2 1 Sizmek by Amazon 68 https://www.sizmek.com/privacy-policy/ 1, 3, 4 2, 7, 9, 10 2, 3, 4, 7, 9, 10 1, 2 1, 2 OpenX 69 https://www.openx.com/legal/privacy-policy/ 1 PubMatic Inc. 76 https://pubmatic.com/privacy-policy/ 1, 3, 4 2, 5, 6, 7, 8, 9, 10 2, 3, 4, 5, 6, 7, 8, 9, 10 1, 2, 3 1 MediaMath Inc. 79 http://www.mediamath.com/privacy-policy/ 1, 3, 4 2, 7, 10 3, 4 1, 2 1, 2, 3 1 Smaato Inc. 82 https://www.smaato.com/privacy/ 1, 2, 3, 4, 7, 9 10 2, 7, 9, 10 1, 2 1, 3 1 Criteo SA 91 https://www.criteo.com/privacy/ 1, 2, 3, 4, 7 2, 3, 4, 7 1, 2, 3 Blis Media Limited 94 http://www.blis.com/privacy/ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 1, 2, 3 1 LiveRamp Inc. 97 https://www.liveramp.com/service-privacy-policy/ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 1, 2 1, 2, 3 Sonobi Inc 104 http://sonobi.com/privacy-policy/ 1, 2, 3, 4 7, 8 2 1 LoopMe Limited 109 https://loopme.com/privacy-policy/ 1, 2, 3, 4, 5, 6, 7, 8 9, 10 9 1, 2 1, 2 1 Fusio by S4M 119 http://www.s4m.io/privacy-policy/ 1, 10 1 1 DoubleVerify Inc.‚Äč 126 https://www.doubleverify.com/privacy/ 2, 7, 10 1, 2 BIDSWITCH GmbH 128 http://www.bidswitch.com/privacy-policy/ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 1, 3 1 IPONWEB GmbH 129 https://www.iponweb.com/privacy-policy/ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 1, 2, 3 1 Teads 132 https://www.teads.com/privacy-policy/ 1, 3, 4 2, 7, 9, 10 1, 2 3 MADVERTISE MEDIA 153 https://madvertise.com/en/gdpr/ 1, 2, 3, 4, 5, 6, 7, 9, 10 5, 6, 10 2 1, 2 Smadex SL 161 http://smadex.com/end-user-privacy-policy/ 1, 2, 3, 4, 7, 10 1, 2 1, 2, 3 1 Unruly Group Ltd 162 https://unruly.co/privacy/ 1, 2, 3, 4, 7, 9, 10 1, 2 1, 2, 3 1 Outbrain UK Ltd 164 https://www.outbrain.com/legal/privacy#privacy-policy 1 3, 4, 5, 6, 7, 8, 9, 10 3, 4, 5, 6, 7, 8, 9, 10 1, 2 1, 3 SpotX Inc. 165 https://www.spotx.tv/privacy-policy/ 1, 3, 4 2, 7, 9, 10 2, 3, 4, 7, 9, 10 Yieldmo Inc. 173 https://www.yieldmo.com/privacy/ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 2, 3, 4, 5, 6, 7, 8, 9, 10 1, 2 remerge GmbH 192 https://remerge.io/privacy-policy.html 1, 2, 3, 4, 7 Mediasmart Mobile S.L. 193 http://mediasmart.io/privacy/ 1, 2, 3, 4, 7, 9, 10 3 1 Zemanta Inc. 210 http://www.zemanta.com/legal/privacy 1 3, 7, 9, 10 3, 7, 9, 10 1, 2 1 StackAdapt 238 https://www.stackadapt.com/privacy 1, 2, 3, 4 7, 9, 10 2 1, 2 1 OneTag Limited 241 https://www.onetag.com/privacy/ 1, 2, 3, 4, 7, 9, 10 7 1, 2 1, 2, 3 1 Jaduda GmbH 252 https://www.jadudamobile.com/datenschutzerklaerung/ 1 2, 3, 4, 5, 6, 7, 8, 9, 10 2, 3, 4, 5, 6, 7, 8, 9, 10 1, 2 3 1 Improve Digital BV 253 https://www.improvedigital.com/platform-privacy-policy 1, 3, 4, 9 2, 7, 10 2, 7, 10 1, 2 3 1 LiquidM Technology GmbH 254 https://liquidm.com/privacy-policy/ 1, 2, 3, 4, 7 1, 2 3 1 Fyber 262 https://www.fyber.com/legal/privacy-policy/ 1,

Data Safety Guidance

Prepare for Google Play’s Data Disclosure Requirements In May 2021, Google Play announced the new data safety section, which is a developer-provided disclosure for an app’s data collection, sharing, and security practices. How can you complete these new data disclosure requirements in regards to your usage of Verve Group’s HyBid Android SDK? On this page, you can find information on whether and how our SDKs handle end-user data. We aim to be as transparent as possible in supporting you; however, as the app developer, you are solely responsible for deciding how to respond to Google Play’s data safety section form regarding your app’s end-user data collection, sharing, and security practices. How To Use the Information on This Page This page lists the end-user data collected by only the latest version of Verve Group’s HyBid Android SDK. We provide information about data collected automatically versus data collected depending on your usage. Automatic collection means that the SDK collects specific data without you invoking any specific method or class in your app. However, in many cases, the data collected by the SDK depends on your app’s specific usage of the product, meaning your app’s configuration and how you invoke the SDK. To complete your data disclosure, you can use Android’s guide about data types to help you determine which data type best describes the collected data. In your data disclosure, make sure to also account for how your specific app shares and uses the collected data. Important: To help you ensure that your app’s disclosures are accurate, we recommend the following: Overview of Data Encryption, Data Sharing, and Data Deletion for Verve Group’s HyBid Android SDKs Data encryption For the collected end-user data listed on this page, HyBid Android SDK encrypts the data in transit using HTTPS. Data sharing For the collected end-user data listed on this page, Verve Group does not transfer this data to third-parties except:To third-party subprocessors that assist us in providing Verve Group services.In accordance with your instructions (for example, if you choose to link Verve Group to other non-Verve Group services). Data deletion Verve Group enables developers to delete end-user data in a manner consistent with the functionality of the Verve Group services. Data Collected and Shared Automatically Data TypeCategory Data Type Collection Purposes Relevance to HyBid Android SDK’s Data Collection Policies Identifiers Device ID Advertising or marketing Fraud prevention, security and compliance HyBid Android SDK collects Ad ID (Identifier for Advertisers) when made available by the user per the device settings. Usage Data AdvertisingData Advertising or marketing Fraud prevention, security and compliance HyBid Android SDK collects information related to the ads served to users of the app via the Verve Group services (e.g. impressions, advertiser name, clicks, completions). Data Collected and Shared Depending On Your Usage Data TypeCategory Data Type Collection Purposes Relevance to HyBid Android SDK’s Data Collection Policies Location PreciseLocation Advertising or marketing It is optional for publishers to share “precise location” and allow HyBid Android SDK to collect it. This means that only if the publishers allows its app to collect location data from users after obtaining user’s explicit consent to such data collection, then such data is also collected via the HyBid Android SDK. HyBid Android SDK does not collect or attempt to collect such information independently. CoarseLocation Advertising or marketing It is optional for publishers to share “coarse location” and allow HyBid Android SDK to collect it. This means that only if the publishers allows its app to collect location data from users after obtaining user’s explicit consent to such data collection, then such data is also collected via the HyBid Android SDK. HyBid Android SDK does not collect or attempt to collect such information independently. Data Handling Android Ad ID is collected by default. The Ad ID can be reset by users using Ad ID control. As the app developer, you can prevent the collection of Ad Ids by updating the app’s manifest file. Certain other features in Verve Group’s HyBid Android SDK, such as the limit ad tracking feature, may also disable transmission of the Ad ID and other data. Upload to Google Play Console To simplify the process of gathering the information in a standardized manner, we have put together a .csv file based on the official Google template, containing all of Verve Group’s data handling practices for our HyBid Android SDK. You can utilize this .csv file to merge it with your app’s and other vendors’ data handling practices and convert it into a master file, which can be uploaded directly to the Data Safety section of your app in the Google Play Console.

Opt-Out

About Our Ads Verve Group, Inc. and VGI CTV, Inc. use a variety of data sets, including data about the apps you use and places you have been, to deliver ads that are relevant to you. To Opt Out Use the limit ad tracking settings on your device if you want indicate to Verve Group, Inc. and VGI CTV, Inc. that you do not want the ads we deliver to be selected based on cross app/device data. Verve Group’s Privacy Policy Detailed information can be found in our privacy policy.