Tunnl
HOMEABOUTVIDEO & GAMESADSPORTFOLIOCONTACT
Tunnl

Privacy Policy

Last Updated: 14 October 2025


Our Commitment to You


Tunnl BV (“we”, “our”, or “us”) is dedicated to providing users and partners who interact with our services the highest level of transparency and control over the use of their data. In order for us to provide you with our services we are required to collect and process certain personal information about you and your activity. This Privacy Policy explains how we collect, use, and share personal data in connection with our advertising technology, data, and analytics products.


We process data in compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR and other applicable data protection laws.


By entrusting us with your information, we would like to assure you of our commitment to keep such information private. We have taken measurable steps to protect the confidentiality, security and integrity of this Information. We encourage you to review the following information carefully.


Who We Are


Data Controller:

Tunnl BV

Beechavenue 182, 1119 PX Schiphol-Rijk, Netherlands

[email protected]

If you have any questions about this policy or our data practices, please contact our Data Protection Officer (DPO) at [email protected]


How do we receive data about you?


We receive your Personal Data from various sources:

Registration information - When you voluntarily provide us your personal details in order to create a Tunnl account or register to our Service (for example, your name and email address); When you communicate with us - For example when you send us an email, we collect the Personal Information you provided us with. Technical information - When operating our services, we use various technological tracking tools to collect information regarding your use of the Website. Along with our partners, we may use tracking technologies such as cookies, JavaScript, beacons and Local Storage such as HTML5, which are used to store content information and preferences. You can learn more about the tracking tools we use by visiting our Cookie Policy. Third party information – We may receive your data from third party providers who help us with the provision and maintenance of our Services, such as traffic analytics vendors, fraud prevention agencies and others.


What type of data do we collect?


We collect and process both personal and non-personal data to operate and improve our advertising services.


Personal Data


In the course of using the Service, we may ask you to provide us with certain Personal Data to provide and improve the Service, to contact or identify you, to enable you to access certain parts of the Website, and as otherwise indicated in this Policy. We collect the following Personal Data about you:


Registration information: your name, your mailing address, your email address, telephone number, and similar contact details.


When using our Website - our webserver will collect your IP-address, and information about your general location (such as city and country).


Non-Personal Data


We also collect data about the use of our Service and the characteristics and activities of users, in order to operate it and improve it. We may collect the following non-Personal Data:


Technical information - this category includes data such as website visits, the browser you are using and its display settings, your operating system, device identifiers, browser user agent, session start/stop time, time zone, network connection type (e.g., Wi-Fi, cellular), and cookie information.


Advertising and analytics information – this includes ad request and bid data, impressions, clicks, and conversions, which allow us and our partners to deliver, measure, and optimize digital advertising performance.


Information from third parties - this category includes information we receive from our business partners. We may receive additional pseudonymous data from demand- or supply-side partners, data providers, and measurement companies, including identifiers and contextual information. This may include cookie identifiers or pseudonymous advertiser identifiers that some Advertisers or other third party ad platforms choose to share with us (such as IDFA, GAID). This information is also used to enhance data points about a particular unique browser or device.


If we combine Personal Data with non-Personal Data, the combined data will be treated as Personal Data. Further Personal Data will only be stored and processed if you voluntarily provide it to us, e.g. through a contact form.


Tracking Technologies


When you visit or access our Services we use (and authorize 3rd parties to use) pixels, cookies, events and other technologies. Those allow us to automatically collect information about you, your device and your online behavior, in order to enhance your navigation in our Services, improve our Website's performance, perform analytics and customize your experience on it. In addition, we may merge information we have with information collected through these tracking technologies with information we may obtain from other sources and, as a result, such information may become Personal Data.


To learn more about our Tracking Technologies please visit our Cookie Policy page.


How do we use the data we collect?

TCF Purpose IDPurpose NameLegal BasisExample Processing Context

1

Store and/or access information on a device

Consent

Cookies and device IDs

2

Select basic ads

Legitimate interest

Non-personalized ad delivery

7

Measure ad performance

Legitimate interest

Viewability and reporting

9

Apply market research to generate insights

Legitimate interest

Aggregated analytics

10

Develop and improve products

Legitimate interest

Ad optimization and system enhancement

Provision of service – We use the data we collect to provide, operate, and improve our Services. This includes supporting partners, maintaining technical performance, responding to your inquiries, and ensuring that ads and content are delivered correctly.


Advertising delivery and performance measurement – We and our partners use automatically collected data (such as ad request and bid data, impressions, clicks, and conversions) to deliver, measure, and optimize digital advertising. This includes activities such as ad serving, frequency capping, viewability measurement, audience reach analysis, and campaign reporting.


Service announcements – We will use your Personal Data to communicate with you and to keep you informed of our latest updates to our Services and offer you service offers.


Marketing purposes – We may use your Personal Data (such as your email address or phone number). For example, by subscribing to our newsletter you will receive tips and announcements straight to your email account. We may also send you promotional material concerning our services or our partners' services (which we believe may interest you), including but not limited to, by building an automated profile based on your Personal Data, for marketing purposes. You may choose not to receive our promotional or marketing emails (all or any part thereof) by clicking on the "unsubscribe" link in the emails that you receive from us. Please note that even if you unsubscribe from our newsletter, we may continue to send you service-related updates and notifications, or reply to your queries and feedback you provide us.


Opt-out of receiving marketing materials - If you do not want us to use or share your Personal Data for marketing purposes, you may opt-out in accordance with this "Opt-out" section. Please note that even if you opt-out, we may still use and share your Personal Data with third parties for non-marketing purposes (for example to fulfill your requests, communicate with you and respond to your inquiries, etc.). In such cases, the companies with whom we share your Personal Data are authorized to use your Personal Data only as necessary to provide these non-marketing services.


Analytics, surveys and research – from time to time, we may conduct surveys or test features, and analyze the data we have to develop, evaluate and improve these features, all in order to improve our Service and think of new and exciting features for our users.


Protecting our interests – we may use your Personal Data when we believe it's necessary in order to take precautions against liabilities, investigate and defend ourselves against any third party claims or allegations, investigate and protect ourselves from fraud, protect the security or integrity of our services and protect the rights and property of Tunnl, its users and/or partners.


Enforcing policies – we may use your Personal Data in order to enforce our policies, including but not limited to our Terms.


Compliance with legal and regulatory requirements – we may use your Personal Data to investigate violations, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process.


Legal Bases for Processing


We process personal data in accordance with applicable data-protection laws, including the EU General Data Protection Regulation (GDPR) and the UK GDPR.


Depending on the specific activity and purpose, we rely on one or more of the following legal bases:


  • Consent – We obtain your consent before using cookies, local storage, or similar technologies that access information on your device, and for activities that involve personalized advertising, profiling, or the creation of marketing audiences. You can withdraw your consent at any time through our cookie-consent banner or by adjusting your settings in your browser or device.

  • Legitimate Interest – We process certain data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms.

  • These activities include:

    • Ad delivery, frequency capping, and non-personalized ad serving

    • Measuring and analyzing ad performance

    • Detecting and preventing fraud, invalid traffic, or security threats

    • Operating and improving our services and infrastructure

  • You may object to processing based on legitimate interest at any time by contacting us at [email protected] or through our consent-management tools.

  • Legal Obligation – We may process or disclose data when necessary to comply with legal or regulatory requirements, court orders, or governmental requests.


We always ensure that the legal basis for each data-processing activity is documented and that your rights as a data subject are respected.


Cookies, Device Storage & Identifiers


We and our partners use cookies and similar technologies to recognize your browser or device, store and retrieve information, and deliver relevant advertising experiences. These technologies help us provide, protect, and improve our Services and the ads we deliver.


What Technologies We Use


We and authorized third parties use several types of technologies, including:


  • Cookies – small text files placed on your browser or device to store preferences, identifiers, and session data.

  • Local and Session Storage (e.g., HTML5, Local Storage Objects) – technologies that allow us to retain information in your browser between visits.

  • Pixels and Beacons – small code snippets that record when you have viewed content, an ad, or taken a specific action.

  • Device Identifiers – unique identifiers assigned by your mobile device (such as IDFA or GAID) or by our partners (such as third-party advertising IDs like Intent IQ ID, UID2, or ID5).


Purposes of Use

These technologies are used for:


  • Essential functionality – to enable the site to function and remember your settings.

  • Analytics and performance – to understand how our Services are used and to improve performance.

  • Advertising and personalization – to deliver, measure, and optimize ads, including frequency capping, ad selection, and audience measurement.

  • Security and fraud prevention – to detect invalid traffic or prevent unauthorized access to our systems.


Data Storage and Retention


Cookies and identifiers are retained for as long as necessary to fulfill their purpose, but generally no longer than 13 months unless a longer period is required for compliance or legitimate interests. Some partners may set their own retention periods in accordance with their privacy policies.


With whom do we share your Personal Data?


Internal concerned parties – We share your data with companies in our corporate group and authorized employees who require access to perform their duties, such as customer support, engineering, and operations.


Third-party partners and service providers – We share pseudonymous data with selected third parties who support the delivery, measurement, and security of our advertising technology. These partners include:


  • Supply-side and demand-side platforms (SSPs and DSPs) that buy and sell advertising inventory.

  • Identity and audience partners, such as Intent IQ, ID5, LiveRamp, and similar vendors, that provide ID resolution and addressability services.

  • Analytics and measurement providers that help us evaluate campaign performance and reach.

  • Fraud-prevention, security, and verification vendors that detect invalid traffic or protect our systems.

  • Cloud-hosting, storage, and infrastructure providers that enable us to operate our services.


All such partners are required to process data only as instructed by us, in compliance with this Privacy Policy and applicable data-protection laws.


We participate in the IAB Europe Transparency & Consent Framework (TCF v2.2). Our vendor relationships and lawful bases for processing can be reviewed in the IAB Global Vendor List (GVL).


Compliance with laws and law enforcement entities - We may disclose information when required by law, regulation, legal process, or governmental request, or when disclosure is necessary to protect our rights or those of others, investigate potential violations, or ensure safety.


Merger and acquisitions – If we are involved in a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction, and the acquiring entity will continue to handle it under this Privacy Policy.


Protecting our interests – We may share data to prevent fraud, enforce our Terms of Service, defend against claims, or protect the security and integrity of our Services.


Transfer of data outside the EEA


Please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.


Data Retention - We retain pseudonymous data for no longer than 13 months, unless required to comply with legal obligations. Aggregated or anonymized data may be stored longer for analytical purposes.


Data Security and Your Rights


How we protect your information


We take the security of your personal data seriously.


Tunnl has implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Data. Your data is stored on secure servers and accessible only to authorized employees and service providers who require it to perform their duties.


These measures include encryption, access controls, regular audits, and secure data-transfer protocols. While we make every reasonable effort to protect your information, no method of storage or transmission over the Internet is entirely secure.

You are responsible for safeguarding your account credentials, and we encourage you to use strong passwords and maintain the confidentiality of your login information.

Transmission of information online is done at your own risk.


Data Security and Your Rights


Your Rights


Depending on your location and applicable data-protection laws (such as the EU GDPR, UK GDPR), you have the following rights regarding your personal data:


  • Access – Request confirmation of whether we process your data and obtain a copy of it.

  • Rectification – Request correction of inaccurate or incomplete information.

  • Erasure – Request deletion of your data (“right to be forgotten”) where applicable.

  • Restriction – Ask us to limit certain types of processing.

  • Portability – Receive your data in a structured, commonly used, and machine-readable format.

  • Objection – Object to processing based on legitimate interest.

  • Withdraw consent – Revoke consent for processing at any time (without affecting the lawfulness of processing before withdrawal).


You may exercise these rights by contacting us at [email protected].

We may need to verify your identity before fulfilling certain requests, and we will respond within the time limits set by applicable law.


If you are located in the European Economic Area (EEA), you also have the right to lodge a complaint with your local Data Protection Authority.


Opt-Out & Managing Preferences


Tunnl BV operates as an intermediary within the digital advertising ecosystem and does not currently operate its own Consent Management Platform (CMP). We rely on our publisher and partner CMPs to obtain valid user consent and to transmit corresponding TCF consent strings. We honor and act upon these consent preferences throughout the ad delivery and measurement process.


If you wish to manage your advertising and tracking preferences more broadly across participating companies, you can use the following industry-standard tools:


  • IAB Europe YourOnlineChoices.eu – manage preferences for companies participating in the Transparency & Consent Framework.

  • Network Advertising Initiative (NAI): https://optout.networkadvertising.org/

  • Digital Advertising Alliance (DAA): https://optout.aboutads.info/


Opting out of personalized advertising will not eliminate ads entirely but will make them less tailored to your interests.


Please note that opting out of personalized advertising does not mean you will no longer see ads—it only means the ads you see may be less relevant to your interests.


If you encounter any issues managing your choices, you can contact us directly at .


Security


We maintain appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include encryption, network firewalls, access controls, and internal security policies governing how data is stored and accessed.


While we take reasonable precautions to safeguard information, no online service can guarantee absolute security. You use our Services and transmit information at your own risk.


If we ever become aware of a data breach that may affect your rights or freedoms, we will notify you and the relevant authorities as required by applicable law.


Changes to This Policy


We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal obligations. When updates are made, we will revise the “Last Updated” date at the top of this page.


If the changes are significant, we will provide a more prominent notice (for example, through our website banner or direct communication where appropriate).


We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.


Contact


For any privacy-related inquiries, please contact:

Email: [email protected]

Address: Beechavenue 182, 1119 PX Schiphol-Rijk, Netherlands