top of page

NEORY Privacy Policy


NEORY Privacy Policy

We at NEORY GmbH, Brandschachtstrasse 2, 44149 Dortmund, Germany, Tel +49 231/58 69 73 - 0, take the protection of your data very seriously. We therefore only process your Personal Data in accordance with the provisions set out in this privacy policy, the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).


​1. Data controller

We as the data Controller within the meaning of the GDPR are responsible for the processing of your Personal Data, which we collect in connection with your use of our website or a contact initiated by either yourself or us.


2. Definitions

This privacy policy uses the definition of terms set forth in the General Data Protection Regulation (GDPR).

  • "Personal Data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • "Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or transfer, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

  • "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

  • "Processor" means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.


3. Visiting our website

When you visit our website, the browser on your device automatically sends information to the server hosting our website and also to our website generation provider, please refer their privacy policy:

The information processed by our website hosting server is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted, typically after one week:

  • Truncated IP address of the requesting computer,

  • Date and time of access,

  • Name and URL of the accessed file,

  • Website used to access our website (referrer URL),

  • User agent of your browser (typically specifies the browser and operating system).


We process this data for the following purposes:

  • Ensure a smooth connection to the website,

  • Ensure easy use of our website,

  • Evaluate the security and stability of the system

  • Investigate any possible unlawful access to our website (DoS/DDoS attacks, etc.) and

  • Other administrative purposes.


The legal basis for this data processing is Article 6 (1) (f) GDPR. The purposes listed above constitute legitimate interests as defined by GDPR. We will not typically use the data collected to identify you. However, we reserve the right to do so if this becomes necessary to investigate unlawful access to our website.


4. Communication

If you have any questions, you can contact us by telephone or by email. If you provide us with Personal Data through these channels or our website (e.g. by using the contact form), we will store and use this data on the basis of Article 6 (1) (a) GDPR solely to process your query, or on the basis of Article 6 (1) (b) GDPR to take steps at your request prior to entering into a contract. You may revoke your consent to the processing of your Personal Data at any time. All you need to do is send an email to We will erase your data insofar as this does not conflict with statutory retention requirements (for example, if you send us a pre-contractual message using the contact form and we then establish a contractual relationship with you, or if your message refers to an existing contractual relationship).


5. Newsletter

If you provide us with your email address to receive our newsletter, we will use this email address on the basis of your consent pursuant to Article 6 (1) (a) GDPR for the purpose of sending you the newsletter. The newsletter is sent by the software newsletter2go belonging to the mailing provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin. Sendinblue GmbH only uses server locations in Germany to send the newsletter. Please refer to the mailing provider's privacy policy and other information, which is available at There is an unsubscribe link at the bottom of every newsletter, which you can use to unsubscribe from the newsletter at any time. You can also unsubscribe from the newsletter at any time by sending a message to our email address If you unsubscribe from our newsletter, the Personal Data stored for the purpose of sending the newsletter will be erased, provided this does not conflict with statutory retention requirements.


6. Links to third-party services

The website contains links to social media platforms or other providers operated by third parties. However, a link to such a third-party provider will only be established after you have clicked on the corresponding button (link) on the website. We have no influence over the processing of Personal Data by these providers. For this reason, we refer you to the privacy policies of the respective operators:


7. Processing of partner and customer data

We use partner and customer data for the negotiation, conclusion and performance of our customer and partner agreements, in particular for correspondence, support and invoicing in connection with services integrated into the NEORY Marketing Cloud as described above. Such data may include the following:  

  • title, first name, last name

  • valid email address

  • postal address

  • phone number (landline and/or mobile phone)

  • If applicable, position in the company / organization, signatory powers, power of attorney


If you are the party to the agreement, the data is processed in response to your request and processing is required pursuant to Art. 6 (1) (b) GDPR for the above-listed purposes to ensure adequate customer service and for the mutual fulfilment of obligations arising from our agreement. If you are not the party to the agreement, we will process your data on the basis of, and subject to, your consent (Art. 6 (1) (a) GDPR). You may at any time withdraw your consent by letting us know of your withdrawal in an email to


8. Processing of website and mobile app visitor data in the NEORY marketing cloud


a. Our services

The NEORY Marketing Cloud (technology) is used to deliver digital advertising, manage digital advertising campaigns, conduct effective market research/analysis, collect statistical data for campaign tracking, detect malicious or invalid activity. In addition, the technology enables us, our partners and our customers to collect and store data about internet users (devices) and to use this data for analysis and marketing purposes.


In particular, the NEORY Marketing Cloud may provide the following services:

  1. We operate a Demand Side Platform (“DSP”). As a DSP we represent the demand side of the digital advertising marketplace, in which advertisers and agencies buying advertising inventory are the “demand” and publishers with space for such ads on web pages or mobile apps are the “supply”. Our DSP allows buyers of digital advertising inventory to buy and manage the buying of media advertising inventory from multiple sources through one interface.

  2. Moreover, we operate a Data Management Platform (“DMP”) for the collection and management of data. Such data allow our partners to identify audience segments, which can be used to target specific users and contexts in online advertising campaigns.

  3. We  also operate an AdServer which enables our partners and customers to store advertising content used in online marketing, to deliver that content onto various digital platforms such as websites, social media outlets, and mobile apps, to target ads to different users, and to report impressions, clicks, post-click and post-impression activities and interaction metrics.


b. Controllership and commissioned data processing

Through the NEORY marketing cloud we process data either as a Controller on our own behalf or as a Processor on behalf of our partners and customers, in each case for purposes related to targeting, delivering, measuring and reporting on advertising.


When providing services as a DSP and if, as a DMP, we provide data to partners for them to process them on our behalf, NEORY acts as a Controller. When providing AdServer services for our partners and customers, and when making available our DMP for partners and customers for them to process data on their own behalf or on behalf of third parties, we act as a Processor.


c. Type of personal data

The following user data is processed on the NEORY marketing cloud platform:

  • unique cookie identifiers

  • mobile device advertising identifiers

  • Truncated IP addresses

  • Information on advertiser URLs accessed, and at what time the advertiser’s website has been visited

  • interest information stored and/or used on the platform by partners and customers

  • interest information we create

  • other information about browsers and devices, such as type, version, screen resolution and other settings

  • location information based on truncated IP addresses or latitude/longitude coordinates, if provided to us

  • the user’s access provider and internet access speed

  • information about ads that are shown, such as which ads are shown to a device or user, where (which web page or app) they are shown, and at what time

  • views and clicks of, and interactions with, ads

  • online transactions with advertisers

  • preferred languages


Data processed on the NEORY marketing cloud platform is pseudonymous, which means that it can not be attributed to a specific data subject without the use of additional information which is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.


d. Collection of data, cookies

We do not collect data from you except for unique cookie identifiers. Collecting unique cookie identifiers enable us, our partners and our customers to create and use user profiles associated with unique IDs.


A cookie is a text file that contains a small amount of information which is downloaded to your browser from the site you are visiting. The server that places cookies into your browser is able to then read the information on the cookie that it set.


The NEORY cookie ID has a life span of 90 days after the last access. After this life span the cookie will be deleted.


e. Sharing and transfer

Our platform also enables our partners and customers to bring data into the NEORY marketing cloud so that the users on the Platform improve their ad campaigns. Our partners and customers include other DSPs, SSPs, other DMPs, ad exchanges (meaning a technology platform that facilitates the buying and selling of media advertising inventory from multiple ad networks), advertisers and publishers. We may share data processed on the platform with our partners and customers for the purposes of the NEORY marketing cloud as described in this Privacy Policy.


Our references to the NEORY marketing cloud in this Privacy Policy only refer to NEORY’s own advertising technology platform and systems and do not include the technology or systems of partners or customers that access the platform or integrate with us. With respect of the use of your data on other advertising technology platforms and systems we do neither act as a Controller nor as Processor of such data.


f. Purpose of data processing

We process data in order to provide the services as described in the chapter “Our Services” above. 


As part of our services, we may create and use user profiles associated with unique IDs on the basis of the data described in the chapter “Type of Personal Data” above. Such user profiles enable our partners and customers to ensure that visitors of websites and mobile apps see ads which likely match their interests. To that end we also engage in cookie matching, meaning that we match our cookie IDs to our customers’ and partners’ cookie IDs in order to share and aggregate such data for improving ad campaigns.


g. Legal basis of data processing; Opt-out

When we process data as a Controller for the purpose of operating a DSP, SSP and DMP, we will use consent as our legal basis for doing so (Art. 6 (1) a) GDPR).


NEORY implements and adheres to the specifications and policies of the IAB EU Transparency & Consent Framework as part of our compliance with EU data protection law. NEORY’s vendor identification number within the Framework is 34. See for more information.


On the following page, you have the option of disabling usage-based advertising with the help of the preference manager:


h. Data processing in the european union

We process data only in the Member States of the European Union (EU). In particular, the internet servers we use for data processing are located within the territory of the member states of the EU. As a principle, we do not transfer data to third countries or international organisations.


i. Usage-based online advertising / OBA

We have voluntarily submitted to the principles of the EDAA OBA Framework. For more information, please visit:


​In addition, we voluntarily comply with the self-regulation of the German Data Protection Council for Online Advertising (DDOW).


​For more information on behavioural advertising from the European Interactive Digital Advertising Alliance, please visit: 


j. Data protection measures

Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with statutory requirements. Those measures shall be implemented taking into account the state of the art and include, in particular, encryption. The equipment and systems used to process data are protected against unauthorised access, both physically and digitally. In particular, our servers and the servers of our contractors are password-protected and encrypted. Only employees have access to Personal Data to the extent necessary to perform their duties. Our employees receive data processing training before commencing work and are obliged to maintain confidentiality. Regular backups protect the data from loss and can be restored at any time. The default system settings ensure that only Personal Data needed for the respective processing purpose is processed. In this way, we apply data protection principles such as data minimisation. In addition, we use technical and organisational measures to ensure the confidentiality, integrity, availability and resilience of the systems. Compliance with data protection regulations is routinely monitored and the measures are updated as and when necessary.


9. Routine erasure and blocking of personal data

We process and store your Personal Data only for the period necessary to achieve the purpose of the storage or as provided by the European directives and regulations or other laws or regulations to which we are subject. If the data is no longer required for the purpose for which it was originally stored, or if the storage period prescribed by the European directives and regulations or any other relevant laws expires, the Personal Data will be routinely erased or blocked in accordance with the statutory requirements.


Any data that we store on the basis of your consent will only be stored until you withdraw your consent. Data which we need for the performance of a contract will be stored only for the duration of our contractual relationship or to comply with statutory retention requirements. We will only store data we use on the basis of our legitimate interests for as long as our interests are not overridden by your interests to have the data erased or anonymised.


10. Rights of data subjects

You have the right:

  • to obtain information about your Personal Data we process in accordance with Article 15 GDPR. In particular, you may obtain information about the purposes of processing, the category of Personal Data, the categories of recipients to whom your data have been or will be disclosed, the envisaged period for which the Personal Data will be stored, the existence of the right to request rectification or erasure of Personal Data or restriction of processing of Personal Data or to object to such processing, the right to lodge a complaint, the source of data not collected by us, and the existence of automated decision-making, including profiling and, where appropriate, meaningful information about the details involved;

  • to obtain from us without undue delay the rectification of inaccurate Personal Data we store on you in accordance with Article 16 GDPR;

  • to obtain from us the erasure of Personal Data we store on you without undue delay in accordance with Article 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

  • to obtain from us a restriction on processing in accordance with Article 18 GDPR if you contest the accuracy of the Personal Data, the processing is unlawful and you oppose the erasure of the Personal Data and we no longer need the Personal Data, but you require the data for establishment, exercise or defence of legal claims or if you have objected to processing pursuant to Article 21 GDPR;

  • to receive the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another Controller in accordance with Article 20 GDPR and

  • to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. As a general rule, you can contact the supervisory authority of your habitual residence or place of work or our company's registered office.


11. Data protection officer

You can contact our data protection officer Mr Georg Hesse by email at


12. Contact Details

You can use the following details to contact us:


Brandschachtstrasse 2
44149 Dortmund




We will answer your questions regarding data protection promptly in German or English.

Anker 1
Anker 2
Anker 3
Anker 4
Anker 5
Anker 6
Anker 7
Anker 8
Anker 9
Anker 10
Anker 11
Anker 12
Anker a
Anker b
Anker c
Anker d
Anker e
Anker f
Anker g
Anker h
Anker i
Anker j
bottom of page