When our technology is used for our own website and our own marketing campaigns, hurra.com is a controller in accordance with GDPR.
Hurra Communications GmbH
CEO: René Schweier
When our technology is used by and on behalf of our clients, these clients are controllers. In this case, hurra.com is a processor in accordance with Article 28 GDPR.
What data we process?
The following personal data categories are processed using OWAPro technology:
- Online identifiers
- IP addresses*
- User ID (cookie)
- Session ID (cookie)
- Cross-device user ID*
- Mobile user ID*
- Interests and activities
- Information about the displayed and clicked creative ad
- Information on the visited pages of a website
- Information on all viewed products*
- Information about products added to the shopping cart*
- Time spent on a web page
- Previously visited websites (referrers)
- Actions taken on the website (conversions/events)*
- Demographic information
- Age range*
- Location information* (Approximated)
- Region / city of website access
- ZIP code*
- Device Information
- Information on the device used during the visit
- Information on the browser used during the visit
- Transaction Information
- Information on products purchased during the visit*
- Payment method
- Information on the order amount
- Date and time of the purchase
- Client status*
* Processed data depends on the settings, commissioned agency services, or OWAPro services in use.
By default, IP addresses are automatically anonymized by OWAPro and processed only anonymously. Therefore, we erase the last octet (3 digits) of an IP address before we send it to our storage. As a result, a personal reference is no longer accessible. However, hurra.com clients can change this setting themselves in the OWAPro settings or ask hurra.com to do it on their behalf.
Email (cross-device user ID)
Email addresses are exclusively processed in an anonymized form in OWAPro, with the use of a hashing algorithm.
With cross-device tracking, our clients generate or send users pseudonyms to us. The pseudonym is usually generated on the base of a login (e.g., username or email address) by a cryptographic hash algorithm on the client’s web server and by the client themselves. By definition, the generated pseudonyms cannot be decrypted so the process is irreversible.
We do not recognize you personally
OWAPro collects only pseudonymized personal data, which hurra.com cannot use to identify any person.
How data is collected?
hurra.com collects data in the following ways:
- Tracking through:
- Page tag – A tracking tag implemented on our clients’ websites.
- Ad click tag – A click-through URL connected to our clients’ ads.
- Banner view tag – A 1×1 pixel displayed along with a creative ad (banner).
- File upload – Our client sends us a file with information on canceled (returned) products.
- Advertising partner data – Our tool connects with ad services to fetch user data.
- CRM data from our clients.
What we do with your data and why we process it?
Our technology is used by and/or on behalf of our clients for the following purposes:
Performance and optimization
Our purpose is to prepare a cost-benefit analysis of our clients’ online marketing campaigns through analyzing user traffic to and on our clients’ websites. The kind of data we collect and process depends on the particular implementation of the conversion tracking – which is adjusted to the needs of our clients and their online marketing goals.
Advertising using first-party data
We collect and process data concerned with user (i.e., your) behavior on our client’s website, and we send only your profile ID to our advertising partners. Thanks to information on your experience on our client’s website, advertising partners can show you ads which are better suited to your preferences.
Advertising using third-party data
We collect data on user (i.e., your) behavior on our client’s website, and send it directly to third-party advertising partners through their marketing tags. Third-party advertising partners use this data to create your user profile (containing basic information valuable for online marketing), which helps our clients to optimize their online marketing strategies.
What is the legal basis for data processing?
The Data Processing Agreement, which we enter with our client, is always our legal basis for data processing. The application of the justified legal basis for processing any data is the controller’s (our client’s) responsibility. Data processing performed by hurra.com and its affiliates is limited by the law. The possible legal bases include: the controller’s legitimate interest, or user (i.e., your) consent, either explicit or implicit. Our recommendations to which situations those legal bases should be applied are listed below.
Our client’s legitimate interest, if not outweighed by your interests or fundamental rights and freedoms, applies to:
- Ad performance (including TV ads) measuring, reporting, and optimizing ads with the aim to lower costs of communicating with a user (i.e., you) via ads.
- Sharing data with third-party advertising partners for ad performance measuring, reporting, and optimizing ads with the aim to lower costs of communicating with a user (i.e., you) via ads.
- Measuring, reporting, and optimizing the inventory of products purchased by a user (i.e., you) and other visitors to our client’s website.
- Website performance measuring, reporting, and optimizing to enhance user (i.e., your) experience on our client’s website.
- Our client’s customer lifetime value and customer profitability measurement based on data tracked by OWAPro and fetched from our client’s CRM with an aim to assess proper decisions regarding marketing costs.
- Creating user (i.e., your) high-level profile based solely on first-party data (e.g., including the information that a user (i.e., you) have added a product to the shopping cart) with an aim to show ads that are better suited to user (i.e., your) preferences (personalized advertising).
Your consent applies to:
- Creating user (i.e., your) low-level profile (i.e., a profile that is more detailed than a high-level profile) based solely on first-party data (e.g., including the information that a user has added a product from a specific category, or within a specific price range to the shopping cart) with an aim to show ads that are better suited to user (i.e., your) preferences (personalized advertising).
- Tracking user (i.e., your) online activity on our client’s website or mobile application across multiple devices to better understand user (i.e., your) online behavior on our client’s website or mobile application, to create better marketing strategies concerning bidding on ads, and to create better marketing messages and ads.
- Sharing data collected about a user (i.e., you) during the visit on our client’s website with third-party advertising partners, who combine data collected by us with data they have collected to be able to create a user (i.e., your) profile with an aim to show ads that are better suited to user (i.e., your) preferences.
Where is your data processed by us?
For the EU users, data collection, processing, and storage takes place exclusively in our data centers in Frankfurt (Germany) and/or Kraków (Poland).
For the users from outside the EU, data collection and processing as well as temporary storage are possible if the data has been transmitted to one of our data centers in the EU. There is no permanent data storage outside the EU.
Who may we share your data with?
Hurra Communications GmbH, based in Germany, processes data on behalf of their clients as a digital marketing agency in accordance with the Data Processing Agreement. For that purpose, GmbH cooperates closely with its sub-processor Hurra Communications Sp. z o.o., based in Poland, which is a marketing technology software house. The legal basis for processing personal data by Sp. z o.o. is the Data Processing Agreement between Hurra Communications GmbH and Hurra Communications Sp. z o.o.
Partners we and our clients work with
- Ad Cash
- Ad Up /Springer
- Facelift Cloud
- Google AdWords
- Google DoubleClick
- Microsoft Bing Ads
- Rakuten/ Nextperf
- RTB House
- SEM Scout
- Smarter Ecommerce (Whoop)
- TargetMail / Mail RU
- Trade Desk
- Travel Audience
How third parties process your data?
If your data is shared with a third-party advertising partner, it is done for the purpose of ad performance optimization as well as for creation of user (i.e., your) profile, which aim is to show you ads that are better suited to your preferences on that third-party advertising partner’s websites.
If your profile is created by a third-party advertising partner, it is created based on either data collected by us during your visits to our client’s website, or a combined set of data on your visits to our client’s website and data collected about you by third-party advertising partners.
Your profile, along with campaign targeting settings, determine which ads will be displayed to you on websites which belong to third-party advertising partners, or to their ad network.
How long we store your data?
Personal data is deleted or anonymized after 18 months.
How we find you?
As hurra.com, we use “cookies” and similar technologies to assess the effectiveness of various advertising strategies of our advertising partners. These technologies allow us to measure the advertising reach and effectiveness of online advertising campaigns and websites.
Cookies are used to enable the recognition of an internet browser during a re-visit. These cookies may store unique online identifiers (“cookie ID”) and other non-personal information on your device.
Cookies are stored by the web browser on your computer in the form of small text files and are limited to a size of 4 KB per domain. Cookies are plain text files that cannot be used to store or run malicious or executable programs.
We store information about the server that has set the cookie, a name of the cookie and its lifetime, and, depending on the purpose of the cookie, various other non-personal data.
How long are cookies stored?
Cookies lifetime depends on each cookie’s purpose. Exact information about the different types of cookies, their purpose, lifespan, and data they store can be found below.
|Client Cookie||<cid>||ssl.hurra.com||Default 30 days||Client cookie stores info about click request ID, client ID, channel ID, and expiration date.||00=cKcEcH8AAAEAAAZZWDYAAABk:C00G3:1326233206|
|Unique User Cookie||__uu||.hurra.com||365 days||Unique User Cookie is used to collect data on a specific user; i.e., their behavior on a website (e.g., bounce rate) and to match this user to specific ad clicks.||_uu=cKcEcH8AAAEAAAZZWDYAAABk|
|Post-View-Sale Cookie||pvs||ssl.hurra.com||30 days||Post-View-Sale Cookie is used to measure conversions attributed to ad impressions.||pvs=cKcEcH8AAAEAAAZZWDYAAABk:C00G48:1323643602|
|Affiliate-Cookie||ac<cid>||ssl.hurra.com||** minutes||Affiliate-Cookie is used to transfer an affiliated click ID.||pvs=cKcEcH8AAAEAAAZZWDYAAABk:C00G48:1323643602|
|Call Minimization Cookie||fr||ssl.hurra.com||session||Call Minimization Cookie shows whether Local Storage and cookie matching checks were already executed (if applicable for a specific client).||fr=:::1480082567|
|Opt-Out Cookie||__coo||ssl.hurra.com||365 days||Opt-Out Cookie is used to mark the users’ lack of consent to data processing.||__coo=00|
|Forward Cookie||fcv||ssl.hurra.com||10 minutes||Forward Cookie is used to transfer tracking parameters.||fcv=UuhSgQHJAtRTXvmB~dPC2Jn8AAAEAABpZL2YAAAAB~dPC2Jn8AAAEAABpZL2YAAAAB;|
|Visit State Cookie||v<cid>||ssl.hurra.com||30 minutes||Visit State Cookie is used as a short-term storage of information about an active session.||v00=AARS58t_AAM~wNi092iTuo_omsDceL9p5g~http%253A%252F%252Fsome%252Dcool%252Dpage%252Enet%252F|
|A/B Testing Cookie||__lpo_u||.hurra.com||365 days||A/B Testing Cookie is used to store variants in A/B and multivariant tests.||__lpo_u=%7B%22854%22%3A+%7B%22eid%22%3A+3024%2C+%22cid%22%3A+277430%7D%7D|
|Consent Cookie||pb<cid>||.hurra.com||Consent Cookie is used for storing consent information/settings.||pb00=P8PUOB:AAE:AAg|
|Client Cookie||_HC_<cid>||Default 30 days||Client cookie stores info about click request ID, client ID, channel ID, and expiration date.||_HC_00=cKcEcH8AAAEAAAZZWDYAAABk:C00G3:1326233206|
|Unique User Cookie||_HC_uu||365 days||Unique User Cookie is used to collect data on a specific user; their behavior on a website (e.g., bounce rate) and to match this user to specific ad clicks.||_HC_uu=cKcEcH8AAAEAAAZZWDYAAABk|
|Affiliate-Cookie||_HC_ac<cid>||** minutes||Affiliate-Cookie is used to transfer an affiliated click ID.||_HC_ac523=”tduid=c35a38a5b79cb9ee38bd281a47dba5b0″|
|Call Minimization Cookie||_HC_fr||session||Call Minimization Cookie shows whether Local Storage and cookie matching checks were already executed (if applicable for a specific client).||_HC_fr=:::1480082567|
|Visit State Cookie||v<cid>||30 minutes||Visit State Cookie is used as a short-term storage of information about an active session.||v00=AARS58t_AAM~wNi092iTuo_omsDceL9p5g~http%253A%252F%252Fsome%252Dcool%252Dpage%252Enet%252F|
|Client ID||<cid>||Client ID cookie stores info about click request ID, client ID, channel ID, and expiration date.||00=cKcEcH8AAAEAAAZZWDYAAABk:C00G3:1326233206|
|Unique User ID||uu||Unique User ID Cookie is used to collect data on a specific user; i.e., their behavior on a website (e.g., bounce rate) and to match this user to specific ad clicks.||uu=cKcEcH8AAAEAAAZZWDYAAABk|
Third-party advertising partners, such as Google AdWords or DoubleClick, may also store cookies in your browser for remarketing and display advertising purposes. These cookies belong to third-party domains (i.e., a third-party advertising partner’s tracking code can be embedded on a website you are visiting, thus making your browser save cookies from these third-party domains). These third-party cookies are accessible to advertising partners on different websites, hence they can be used to create a user (i.e., your) profile based on information collected about you from domains belonging to different advertisers and advertising partners. The goal is to learn more about your product preferences to show you better suited ads. Likewise, other third-party tracking technologies can be integrated with OWAPro Tag Manager on our client’s request or implemented by our client themselves, and these technologies can also set cookies.
What if I don’t want to be tracked?
In accordance with Art. 21 Para. 2 GDPR, you have the right to object to the processing of personal data for direct marketing. That is why, we provide our clients with a client-specific opt-out mechanism which allows users (i.e., you) to object to future data processing on our client’s website through hurra.com. The opt-out mechanism is client-specific and thus only applies to the website of a specific client.
You can opt-out of data collection and processing by hurra.com services on our client’s website at any time. OWAPro may also already be configured to comply with the “Do Not Track” setting of your browser, which means that you have already objected to data collection and processing.
The opt-out mechanism is based on a cookie named “__coo”. Please note, that we can apply our opt-out mechanism as long as this cookie is present. If you delete that cookie yourself, we have no possibility to stop our technology from tracking you. The opt-out mechanism is bound to the device and the browser used for deactivation; i.e., the ones that were used while setting the opt-out option. To stop our technology from processing of personal data shared on other browsers and devices, the opt-out option must be set on those browsers and devices as well.
Does OWAPro respect Do-Not-Track (DNT) option?
Yes, if DNT has been activated by our clients through OWAPro. Do-Not-Track (DNT) is a setting that becomes active in your browser. For some browsers this option is enabled by default. If this setting is activated through OWAPro by our client, we comply with DNT and treat is as an Opt-Out option, which means that you are no longer tracked by the hurra.com technology.
Your other rights as a data subject
- Right of access – GDPR art. 15
- Right of rectifications – GDPR art. 16
- Right of erasure (“Right to be forgotten”) – GDPR art. 17
- Right to restriction of processing – GDPR art. 18
- Right to lodge a complaint with a supervisory authority – GDPR art. 77