VelisAds Network

Privacy Policy

Effective date: February 17, 2026 | Version: 2026.02-global

This Privacy Policy explains how personal data is collected, processed, shared, retained, and protected across VelisAds Network services, with rights handling for users, publishers, and partners.

Implementation should always be validated against the laws of the regions where services are offered.

Scope and Applicability

  1. Applies to data collected through account creation, login, support, reporting, and ad operations.
  2. Applies to identifiers such as email, IP address, device signals, and cookie-derived preferences.
  3. Applies to controller and processor activities performed directly or through approved subprocessors.
  4. Applies to global user interactions, with local privacy rights enforced where legally required.
  5. Applies to manual and automated processing activities used for fraud and service reliability.
  6. Applies to data handling in production, backup, and compliance evidence systems.

Mandatory Requirements

Lawful Basis and Notice

  • Every processing purpose must have a documented lawful basis before data collection begins.
  • Privacy notices must explain data categories, purposes, sharing, and rights options.
  • Purpose expansion requires updated notice and legal review before release.
  • Consent requests must avoid coercive or deceptive design patterns.

Data Minimization and Access Control

  • Only data needed for declared operational purposes may be collected.
  • Access must follow least privilege, role-based controls, and monitoring logs.
  • Sensitive data requires additional controls, approvals, and justification.
  • Data quality checks must prevent stale, inaccurate, or duplicate records.

User Rights Handling

  • Verified requests for access, correction, deletion, and portability must be supported.
  • Identity verification is required before disclosing personal data.
  • Response timelines must match legal obligations in the applicable jurisdiction.
  • Where requests are denied, the legal reason must be documented and communicated.

Prohibited Practices

  1. Collecting personal data without a clear lawful purpose and documented basis.
  2. Using personal data for undisclosed profiling or unauthorized targeting.
  3. Selling or sharing data in conflict with consent or statutory opt-out rights.
  4. Ignoring valid rights requests from authenticated users.
  5. Retaining personal data indefinitely without legal or operational justification.
  6. Transferring data to unvetted vendors without contractual safeguards.
  7. Masking or suppressing evidence related to privacy incidents.
  8. Bypassing regional privacy controls for convenience or growth targets.

Governance, Monitoring, and Enforcement

  1. Data inventories and processing records must be reviewed and updated regularly.
  2. Privacy impact assessments are required for new high-risk processing activities.
  3. Incident response includes triage, legal review, notification, and remediation tracking.
  4. Personnel handling user data must complete recurring privacy training.
  5. Audit logs must support rights-handling and purpose-limitation verification.
  6. Subprocessor onboarding requires due diligence and contractual accountability.
  7. Material policy updates are versioned and announced with effective dates.
  8. Persistent non-compliance may trigger account restriction or service suspension.

Global Source Links and Standards

  1. EU GDPR Regulation (EU) 2016/679
  2. EU ePrivacy Directive 2002/58/EC
  3. California Privacy Protection Agency (CPPA)
  4. EDPB Guidelines
  5. FTC Privacy and Data Security Guidance
  6. ICO UK GDPR Guidance
  7. NIST Privacy Framework
  8. ISO/IEC 27701 Overview