SSMAS | Privacy Policy | Google Certified Publishing Partner

Products and Services Privacy Policy - updated May 2026

SEMSEOYMAS ONLINE MARKETING SL (“SSMAS”, “we,” “our,” or “us”) is a data technology company that delivers data analytics and advertising solutions across industries. Our partners (“Data Partners”) are mobile application providers, media and technology platform providers, and others that have access to certain customer information (“User Data”) that they wish to monetize by using our services. Our services include data analytics and advertising services (“Services”). You can learn more about our Services on our website at www.ssmas.com.

Our clients (“Clients”) are businesses, including brands and agencies (“Advertisers”), owners of media properties (“Publishers”), and other companies that send targeted advertising to consumers. By using our Services, our clients are able to address a particular audience and tailor advertisements to the likely interests and preferences of such audience.

We work to ensure that our Services respect users’ privacy rights. To accomplish this goal, we adhere to privacy-by-design and privacy-by-default principles throughout the process of designing, building, and delivering our Services.

We do not process information that directly identifies a particular individual such as an unencrypted name, address or government-issued ID number. However, whether or not User Data we receive is considered personal or personally identifiable data depends on, among other factors, the definition that applies in a user’s physical location. For example, in some locations a user’s IP address may be deemed to be personal data, while in others it is not.

By law, we are required to provide you with information regarding:

how and on what legal basis we use and disclose your personal data;
how we take care of your privacy rights specific to your personal data;
how you can reach us in case you have any concerns regarding this privacy policy (“Policy”) or the way we are handling your data.

The terms of this Policy apply to all User Data to the extent it contains your personal data as defined in the applicable laws and regulations.

This Policy does not only apply to information collected by our website www.ssmas.com.

This Policy also does not apply to information collected by our Data Partners or other third parties who may provide information to us, as their information handling practices are covered by their own privacy policies.

This Policy may change from time to time, so please check back periodically to ensure that you are aware of any changes in our processing of your Personal Data. If at any time in the future we plan to use Personal Data in a way that differs from this Policy, we will post Policy edits here and place notices on other pages of the Site as applicable, or by other means if required by law. You are responsible for ensuring that you are aware of the most recent version of this Policy.

The Policy’s wording can be technical; in case you have any questions, do not hesitate to write to privacy@ssmas.com.

Data Categories We Receive and Use

We receive the following categories of User Data from our Data Partners:

mobile advertising device IDs such as Apple’s Identifier For Advertisers (IDFA) and Google Advertising ID (“Advertising ID / Ad ID”); cookies;
hashed email addresses;
demographic information such as age, gender, city/region (“Demographic Data”);
mobile app usage data about apps installed/accessed on a user’s device, app events, and browsing data such as browsing URLs (“App Usage and Browsing Data”);
purchase data;
geolocation data.

Our Data Partners may collect data directly from users (both online and offline) or receive data from third parties.

We request that our Data Partners provide users with all required information about the use of their data and provide an opt-in / opt-out option in accordance with applicable laws and regulations.

We may also use cookies, pixels and similar technologies to collect users’ Advertising IDs or cookie identifiers ourselves. In the course of providing Services, we receive access to IP addresses and Advertising Bid Requests.

When we obtain different User Data pertaining to the same device from multiple Data Partners, we aggregate such User Data and store it against the same Advertising ID (“Ad IDs”) or cookie. SSMAS also maintains a separate ID inventory that connects User Data into a common ID and serves as an internal pseudonymous identifier.

We enhance User Data to create pseudonymised data segments and aggregate such segments into segment lists or Ad ID / cookie lists based on our Clients’ preferences. We then share such lists with our Clients to enable them to effectively target the relevant users.

We do not interact directly with users or their devices, unless a user sends us a deletion request along with their Ad ID, as described below under “Choice and Control Rights You Have.”

Advertising IDs

Advertising IDs (“Ad IDs”) are user-resettable, unique, anonymised identifiers for advertising. Ad IDs identify a specific device and are implemented both on Apple iOS (“Identifier for Advertising” / “IDFA”) and Google Android (“Advertising ID”).

We obtain Ad IDs associated with pseudonymised User Data from our Data Partners. Ad IDs are then used by our Clients to identify advertising requests and to deliver relevant advertisements.

We may also use Ad IDs to establish a relationship between different User Data attributes pertaining to the same user. For example, if we obtain User Data indicating that a certain user is between 25 and 30 years old, and later learn from another Data Partner that the user of the same device is interested in a healthy lifestyle, we combine this information against the same Advertising ID or cookie.

Cookies

An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or simply a cookie) is a small piece of data sent from a website and stored in the user’s web browser while the user is browsing.

We set third-party cookies on behalf of Publishers who provide space for the display of advertising within websites.

We may use cookies to establish a relationship between devices or data pertaining to the same user. If we already have information about a device’s user, we may link the information stored in cookies to the device’s Ad ID. We use this information to facilitate the delivery of our Clients’ targeted advertisements.

Hashed Email Addresses

Some Data Partners or Clients may provide their offline data such as email addresses and phone numbers. We require that such data be hashed using secure hashing algorithms prior to sharing with SSMAS.

We use hashed emails or phone numbers to establish a relationship between offline and online user profiles pertaining to a certain user. For example, a Client may wish to run an advertising campaign on mobile devices targeting users whose email addresses and/or phone numbers the Client already holds. Without respective Ad IDs, the Client cannot target the desired audience. By comparing hashed email addresses and phone numbers provided by the Client with the User Data we have from our Data Partners, we can match hashed email addresses or phone numbers to Ad IDs corresponding to the same user, resulting in a list of Ad IDs that correspond to the Client’s target audience.

Demographic Data

We may obtain demographic User Data from our Data Partners, such as:

user demographics (e.g., age or age range and gender);
general geographic area of the billing address and postcode;
predicted or actual income tier;
other demographic information received or collected by our Data Partners.

SSMAS uses this information to create demographic segments about users, for example users who are “males, 20 to 34, living in Madrid.” We connect segments with Ad IDs and cookie IDs so that our Clients can reach their target audiences on mobile devices and web browsers.

App Usage and Browsing Data

We may obtain App Usage and Browsing Data from our Data Partners, such as:

apps installed/accessed on a user’s device;
app events such as purchases or sign-ups;
browsing data such as Uniform Resource Locators (“URLs”).

URLs are web addresses — a specific character string that constitutes a reference to a resource. Most web browsers display the URL of a web page above the page in an address bar.

We transform App Usage and Browsing Data into aggregated segments based on interests or purchase intent (such as Sports Enthusiast, Health & Fitness) which are of interest to our Clients.

Purchase Data

We may obtain purchase data from our Data Partners, such as:

items you have bought in stores;
items you have bought online;
items you have placed in an online shopping basket.

Geolocation Data

We may receive data from Data Partners about the physical location of a specific device, including latitude-longitude coordinates obtained through GPS tools, Wi-Fi, or cell tower triangulation techniques.

The location data we receive from Data Partners may be generalised or non-precise, or we may render the location data non-precise in order to provide generalised location data to our Clients. Our Clients may use inferences from this information to send localised or targeted advertisements.

Advertising Bid Requests and IP Addresses

In real-time bidding (“RTB”), Publishers send advertising bid requests (“Bid Requests”) in real-time to Advertisers, indicating that they have an open advertising space (“Impression”) to sell. The Impression is auctioned among interested Advertisers and sold to the highest bidder.

Bid Requests from mobile apps usually contain an Ad ID alongside information such as the IP address, impression type (banner, audio, video), format, app, publisher, device, etc. We collect and use the Bid Request and Ad ID in order to participate in the RTB process on behalf of our Clients.

We render IP addresses received as part of Bid Requests imprecise to prevent the identification of a user. Our Clients may then use pseudonymised IP addresses to localise advertisements.

Legal Basis for Processing Personal Data

Our Services enable our Clients to tailor advertising to the interests and preferences of users on their devices. As a result, the number of advertisements that are not relevant or of interest to users is reduced.

SSMAS processes personal data on the following legal bases:

Consent: For profiling, interest-based advertising, RTB, and the use of cookies and similar tracking technologies, our legal basis is the consent of the user, obtained in accordance with applicable law and the IAB Europe Transparency & Consent Framework (TCF).
Legitimate Interests: We may process personal data on the basis of our legitimate interests where those interests are not overridden by the rights and freedoms of users. This applies to a limited set of activities including fraud detection and prevention, security, internal analytics performed on aggregated or pseudonymous data, and legal compliance. Where we rely on this basis, we conduct a balancing test to ensure that user rights are protected.

Any processing of your personal data by SSMAS is subject to your rights of choice and control as explained below in “Choice and Control Rights You Have.”

SSMAS participates in the IAB Europe Transparency & Consent Framework (TCF), an industry standard designed to help companies in the digital advertising ecosystem comply with the General Data Protection Regulation (GDPR) and the ePrivacy Directive.

As a TCF participant, SSMAS operates in accordance with the TCF Policies and Specifications. Our IAB Europe Vendor ID is 1183. We implement effective mechanisms to obtain and manage user consent and ensure that user choices are respected in accordance with applicable regulations.

For more information about the TCF, please visit https://iabeurope.eu/transparency-consent-framework/.

SSMAS is also a Google Certified Publishing Partner (GCPP), reflecting our commitment to quality and compliance within the Google advertising ecosystem.

We share User Data with the following categories of Clients:

brands and agencies (“Advertisers”);
owners of media properties (“Publishers”) and other companies that deliver targeted advertising to users;
third-party data platforms such as Demand Side Platforms (DSPs), Data Management Platforms (DMPs), advertising marketplaces, ad networks, and similar platforms (“Data Platforms”).

We may share your User Data with third-party vendors that help us extract valuable insights from raw User Data. In all such processes, only App Usage and Browsing Data are sent to external vendors and no identifiers such as Ad IDs, cookies, hashed email addresses, or phone numbers are shared with those vendors.

We store User Data in data centres provided by third parties.

We also share your User Data with our affiliates in Spain that provide technical support and assist SSMAS in operationally delivering services. We will also disclose your User Data in response to valid legal processes, and/or to comply with applicable legal and regulatory reporting requirements. We are required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In addition, we may transfer your information to an entity or individual that acquires, buys, or merges with us, or our affiliates. In these cases, we will require the acquiring company to carry on the material terms of this Policy, including requests for data deletion.

You can check the privacy policy and opt-out options of the partners we work with at the following links:

Please note that using the above options does not mean you will stop receiving advertising altogether, but rather that the advertisements you receive will not be personalised to you.

International Transfers of User Data

When we share User Data with the recipients described above, such sharing may constitute a transfer outside of your country of residence. By law, we are required to ensure that the level of protection afforded to your personal data by European law is not undermined by such transfer.

For transfers of personal data to third countries, SSMAS relies on the following appropriate safeguards:

Standard Contractual Clauses (SCCs) as approved by the European Commission, entered into with the relevant User Data recipients;
The EU–U.S. Data Privacy Framework (DPF), where applicable and where the recipient has self-certified under the DPF.

Please note that the EU–U.S. Privacy Shield has been invalidated by the Court of Justice of the European Union (Schrems II, C-311/18) and is no longer a valid transfer mechanism. SSMAS does not rely on the Privacy Shield.

How We Protect Personal Data

We take appropriate technical and organisational safeguards to protect any personal data we receive from theft, loss, and unauthorised access. We follow generally accepted standards to protect personal User Data throughout the entire use cycle, from initial transfer through to deletion.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.

Choice and Control Rights You Have

Your personal data belongs to you. You have the right to erase any User Data that we may hold in our systems or to restrict its processing. The options available to you are described below.

You may opt out from the processing of your personal data directly with the mobile operator or another Data Partner (please refer to their respective privacy policy).
You may opt out from targeted advertising by selecting “Limit Ad Tracking” on iOS or “Opt-out of interest-based ads” on Google Android. You may reset your Ad ID by selecting “Reset Advertising Identifier” on Apple iOS or “Reset Advertising ID” on Google Android.
You may opt out by clearing or blocking our cookies in your mobile browser settings.
Users may request deletion of data associated with their Ad ID by submitting their Ad ID to our Privacy Team at privacy@ssmas.com.
You may also manage your consent preferences through the Consent Management Platform (CMP) available on Publisher Websites that use our technology.

Your Other Rights

In addition to the rights to request deletion of your data or restriction of processing, you have the right to:

access your personal User Data;
request rectification of inaccurate personal User Data;
lodge a complaint with a supervisory data protection authority (in Spain, the Agencia Española de Protección de Datos — AEPD, www.aepd.es);
data portability, i.e., to receive your personal data in a structured, commonly used and machine-readable format.

To exercise any of these rights, please submit your request together with your Ad ID to our Privacy Team at privacy@ssmas.com.

Information Retention

We retain data until the occurrence of one of the following events:

expiration of the retention period in accordance with the SSMAS data retention policy;
receipt of a request from a Data Partner to delete certain User Data; or
submission by the user of their Ad ID to us for deletion of associated data.

Children’s Privacy

Our services are not directed at minors. In accordance with the Spanish Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD) and the GDPR, we do not knowingly collect, use, or share:

data about users under the age of 14; or
data about past or current activity on applications directed at children under the age of 14.

If you believe that we have inadvertently collected personal data about a minor, please contact us at privacy@ssmas.com and we will take prompt steps to delete that information.

Your browser may offer a “Do Not Track” option. We do not currently honour “Do Not Track” signals; however, users may exercise equivalent controls through our Consent Management Platform (CMP) as described in this Policy.

Contact

If you have any questions or suggestions about this Policy and our privacy practices, please contact us at:

SEMSEOYMAS ONLINE MARKETING SL
Paseo de la Castellana 259C, 18th Floor
28046 Madrid, Spain

Email: privacy@ssmas.com
Website: www.ssmas.com

Privacy Policy