GDPR Privacy Policy for Altitude Digital Advertising
Effective Date: August 15th, 2025
1. Who We Are and What This Policy Covers
Altitude Digital Advertising (“We,” “Us,” “Our”) is a digital advertising agency. This Privacy Policy applies to the personal data we process as a data controller in relation to our website visitors, clients, and prospective clients, and as a data processor when we process personal data on behalf of our clients.
Our primary establishment is in [Your Country], and our representative in the European Union (if applicable) is [Name and Address of EU Representative].
2. What Personal Data We Collect
We collect and process the following categories of personal data:
- For Website Visitors and Prospects:
- Contact Information: Name, email address, phone number.
- Technical Data: IP address, browser type, operating system, information about your device, and your interaction with our website (e.g., pages visited, links clicked).
- Marketing and Communication Preferences: Your preferences for receiving marketing from us and our third parties.
- For Clients and Suppliers:
- Business Contact Information: Name, job title, company name, business email, and phone number.
- Financial Data: Payment details for billing purposes.
- Contractual Information: Data necessary to fulfill our contractual obligations.
- For Ad Campaigns (as a Data Processor):
- We process personal data on behalf of our clients. This data may include IP addresses, device IDs, cookie identifiers, and inferred demographic data. We do not determine the purposes or means of this processing; our clients do. Our role is strictly defined by our contracts with them.
3. The Legal Basis and Purpose for Processing Your Data
We will only use your personal data when we have a valid legal basis to do so under the GDPR.
| Purpose of Processing | Legal Basis | Types of Data |
| To provide our services to you as a client. | Performance of a contract. | Business Contact, Financial, Contractual |
| To manage our relationship with you, including billing and support. | Legitimate interests (to manage our business effectively). | Business Contact, Financial |
| To send you marketing communications and newsletters. | Your specific, informed consent (for new prospects).<br>Legitimate interests (for existing clients, in compliance with ePrivacy rules). | Contact, Marketing Preferences |
| To analyze website traffic and improve our services. | Legitimate interests (to understand our audience and optimize our website). | Technical |
| To fulfill our legal or regulatory obligations. | Compliance with a legal obligation. | All categories as required. |
| To personalize ad campaigns on behalf of our clients (as a Data Processor). | This is determined by our clients (the Data Controllers). Our processing is based on their instructions and their legal basis (most often consent). | Technical, Ad Campaign data. |
4. How We Collect Your Data
- Directly from You: When you contact us, fill out a form, or become a client.
- Automatically: When you visit our website through the use of cookies and similar tracking technologies.
- From Third Parties: We may receive data from business partners, social media platforms, or data brokers, provided they have a legal basis to share this data with us.
5. How We Share Your Data
We may share your personal data with the following recipients:
- Service Providers: We use third parties to help us run our business, such as IT service providers, hosting providers, payment processors, and analytics providers. These providers only process data on our behalf and according to our instructions.
- Clients (as a Data Processor): When we act as a data processor, we share data back with our clients as instructed by our contracts.
- Legal and Regulatory Authorities: If required by law, we may disclose your information to comply with a legal obligation or a valid governmental request.
6. International Data Transfers
As an international company, your data may be transferred to and stored in countries outside of the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure a similar degree of protection is afforded to it by using at least one of the following safeguards:
- We will transfer personal data to countries that the European Commission has deemed to provide an adequate level of protection for personal data.
- We use specific contracts approved by the European Commission, which give personal data the same protection it has in Europe.
7. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
8. Your Data Protection Rights
Under the GDPR, you have the right to:
- The Right to Be Informed: You have the right to be informed about how your personal data is collected and used.
- The Right of Access: You can request a copy of the personal data we hold about you.
- The Right to Rectification: You can ask us to correct any inaccurate or incomplete personal data we hold.
- The Right to Erasure (‘Right to be Forgotten’): You can request that we delete your personal data. This right is not absolute and may be subject to certain conditions.
- The Right to Restrict Processing: You can ask us to temporarily halt the processing of your data.
- The Right to Data Portability: You can request that we transfer your personal data to you or a third party in a structured, commonly used, machine-readable format.
- The Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.
- The Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at [Email Address] or [Phone Number].
9. Contacting Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us at:
Altitude Digital Advertising
[Your Company Address]
Email: [Your Designated Privacy Email Address, e.g., privacy@altitudedigital.com]
Phone: [Your Phone Number]
10. Changes to this Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by updating the “Effective Date” at the top of this policy and, where appropriate, by other means.
- Controller vs. Processor: The distinction between your role as a data controller (you decide the purpose and means of processing) and a data processor (you process data on behalf of a client) is fundamental and must be clearly defined in your policy.
- Data Subject Rights: You must have clear, operational processes in place to handle data subject rights requests, especially the right to object to direct marketing and the right to erasure (right to be forgotten). This means being able to easily locate and delete a user’s data if requested.