Privacy Policy

This Privacy Policy explains how Twinkly Ads ("Twinkly," "we," "us," or "our") collects, uses, shares, and protects information when you visit twinklyads.com and its sub-pages (the "Site"), when you interact with us as an advertiser or traffic partner, and when we receive pseudonymous data in connection with our clients' campaigns.

This Policy does not cover websites or apps we do not control. For data collected within an advertiser's/app owner's product, please also review that company's own privacy disclosures.

1) Controller & how to contact us

For Site visitors and our direct B2B contacts (advertisers, partners), the data controller is:

We have not appointed a statutory DPO; our privacy team can be reached at the email above.

2) What we collect and from whom

A. Site visitors

Identifiers & device data: IP address (truncated/region), user-agent, device type, timestamps, referral URLs.

Cookies & similar tech: strictly necessary cookies, and—if you consent—analytics/marketing cookies.

Forms & communications: name, business email, company, role, message content; meeting bookings; newsletter sign-ups.

Job applications: CV/resume details you submit.

B. Advertisers & traffic partners (B2B)

Business contact data: name, role, company, email, phone, messenger handles.

Commercial data: contracts, IOs/SOWs, billing details, performance reports, anti-fraud review notes.

Operational metadata: integration settings, creative IDs, campaign parameters, communication logs.

C. End-user event data from campaigns (pseudonymous)

We may receive pseudonymous app install and in-app event data via mobile measurement platforms (e.g., MMPs) and similar providers engaged by the advertiser. Typical fields include: event type and timestamp, campaign/creative IDs, attribution data, device attributes (e.g., OS version, model), coarse location/geo, and pseudonymous identifiers provided by the MMP or platform.

For this stream, Twinkly acts as a processor; the advertiser is the controller and is responsible for end-user consent and notices.

3) Purposes & legal bases

Site visitors / B2B contacts (controller)

• Provide and secure the Site (legitimate interests).
• Respond to inquiries, schedule calls, and pre-contract steps (contract / legitimate interests).
• Send updates/marketing (consent where required; opt-out anytime).
• Analytics & performance (consent where required / legitimate interests).
• Legal compliance (legal obligation).

Campaign event data (processor)

Attribution, optimization, fraud detection, and reporting per our agreement with the advertiser and their instructions.

4) Cookies & similar technologies

We use:

• Strictly necessary cookies (to run the Site),
• Analytics (to understand usage and improve),
• Marketing (to measure B2B effectiveness).

Where required, we collect consent through a cookie banner/preferences. You can change preferences in your browser and, where available, in our cookie settings. A separate Cookie Notice can provide detail on each cookie category.

5) How we share information

We share personal data with trusted service providers under contract, solely for the purposes above, for example: hosting and cloud storage, security/anti-fraud tools, analytics, CRM and marketing automation, email and calendar systems, applicant tracking, and document management.

We may also share:

• Within our group/affiliates (need-to-know basis),
• With professional advisors (e.g., legal, accounting),
• If required by law or in response to valid requests,
• In a business transaction (e.g., merger, acquisition), subject to safeguards.

We do not sell personal data.

6) International transfers

We operate internationally. If we transfer personal data outside the EEA/UK, we use appropriate safeguards such as European Commission Standard Contractual Clauses (and UK addenda where applicable) and implement technical/organizational measures. For HK transfers, we follow the PDPO principles and apply comparable safeguards.

7) Security

We apply administrative, technical, and organizational measures appropriate to the risk (access controls, encryption in transit, logging/monitoring, least-privilege, vendor due diligence). No method is 100% secure; we cannot guarantee absolute security.

8) Retention

We keep data only as long as necessary for the purposes described or as required by law. Examples:

• Site logs/analytics: short to medium terms for security and insights;
• B2B records (contracts, billing): per statutory retention;
• Campaign event data (processor): per advertiser instructions;
• Recruitment: typically up to 12 months unless you consent to a longer talent-pool period.

9) Your rights

Depending on your location (e.g., EEA/UK under GDPR/UK GDPR; HK under PDPO), you may have rights to access, rectify, erase, restrict, object, and data portability, and to withdraw consent where processing is based on consent.

To exercise rights, email partnership@twinklyads.com.

For campaign event data where we are a processor, please contact the advertiser (the controller); we will assist them as required.

You also have the right to lodge a complaint with your local supervisory authority.

10) Children

Our Site and services target business users and are not directed to children. We do not knowingly collect data from individuals under the age required by applicable law (e.g., 16 in the EEA). If you believe a child provided data, contact us and we will delete it.

11) Changes to this Policy

We may update this Policy from time to time. We will update the Effective date above and, if changes are material, provide a more prominent notice. Your continued use of the Site after changes become effective means you accept the revised Policy.

12) Contact