Privacy Policy of SimpleBid UG (haftungsbeschränkt)
Last updated: 5 July 2026This Privacy Policy explains how SimpleBid UG (haftungsbeschränkt) processes personal data when you visit our website, use our platform, create a customer account, book campaigns, communicate with us, or otherwise use SimpleBid’s services.
1. Controller
The controller within the meaning of the General Data Protection Regulation is:
SimpleBid UG (haftungsbeschränkt)
Schäferkampsallee 11
20357 Hamburg
GermanyEmail: support@simplebid.io
Website: https://simplebid.io
Represented by its managing directors: Cesar Masumbuku and Michael Bradley
2. Privacy Contact
For any privacy-related questions, you can contact us at:Email: support@simplebid.ioNo data protection officer has currently been appointed. Please direct any privacy-related inquiries to the contact address above.
3. Definitions
“Personal data” means any information relating to an identified or identifiable natural person. This includes, in particular, names, email addresses, telephone numbers, IP addresses, device identifiers, usage data, location data, payment data, and communication data.“Processing” means any operation performed on personal data, including the collection, storage, use, disclosure, deletion, or analysis of such data.“Platform” means the digital self-service platform provided by SimpleBid for planning, booking, delivering, billing, and analyzing connected TV, streaming, and digital video advertising campaigns.
4. Categories of Data Subjects
We process personal data in particular from:visitors to our website;prospects and contact persons;customers, business customers, and their employees;users of our platform;contractual partners, service providers, and contact persons;persons appearing in advertising materials, commercials, images, videos, or other customer content;users or devices that may be recorded in aggregated, pseudonymous, or personal form in connection with campaign measurement, targeting, or reporting.
5. Categories of Personal Data
Depending on the type of use, we process in particular the following data:
5.1 Website and Technical Access Data
IP address;date and time of access;pages and files accessed;referrer URL;browser type and browser version;operating system;device type;language settings;technical log data;cookie and consent information.
5.2 Contact and Communication Data
name;business email address;telephone number;company;position;content of the inquiry;communication history;appointment and demo requests.
5.3 Customer Account and Contract Data
company name;legal form;billing address;contact person;login data;user roles and permissions;contract data;offer and booking data;invoice and payment data;tax data, in particular VAT ID number;support and service history.
5.4 Campaign and Platform Data
campaign name;budget;campaign period;targeting parameters;geo-targeting information;audience and device parameters;advertising materials;landing pages;tracking parameters;reporting data;performance metrics such as impressions, clicks, budget spend, CPM, completion rate, or other campaign metrics.
5.5 Data Processed in Connection with AI-Based Commercial Creation
the customer’s website URL;texts, images, logos, videos, brands, claims, and product information provided by the customer;briefing data;revision requests;approvals;where applicable, image, audio, or video data of identifiable persons, if provided by the customer.
5.6 Payment Data
Payments may be processed through external payment service providers. Depending on the payment method, we or the relevant payment service provider may process in particular:invoice data;payment status;transaction data;payment references;where applicable, bank account or card data, unless such data is processed exclusively by the payment service provider.
6. Purposes and Legal Bases of Processing
We process personal data only where there is a legal basis for doing so.
6.1 Provision of the Website
We process technical access data in order to provide our website securely, reliably, and properly, to detect errors, prevent misuse, and ensure IT security.The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and proper provision of our website.
6.2 Contact and Communication
When you contact us, we process your information to handle your inquiry, communicate with you, and document the communication.The legal basis is Art. 6(1)(b) GDPR if the inquiry relates to a contract or pre-contractual measures. Otherwise, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in handling business inquiries.
6.3 Registration and Customer Account
We process registration, login, and account data in order to create a customer account, provide the platform, authenticate users, manage roles, and prevent misuse.The legal basis is Art. 6(1)(b) GDPR where the processing is necessary for the performance of a contract. Where the processing is carried out to secure the platform, prevent misuse, or control access, the legal basis is Art. 6(1)(f) GDPR.
6.4 Campaign Booking and Campaign Management
We process campaign, contract, invoice, and platform data in order to plan, book, deliver, bill, optimize, and analyze advertising campaigns.The legal basis is Art. 6(1)(b) GDPR. Where individual data is processed for fraud prevention, IT security, quality control, or the establishment, exercise, or defense of legal claims, the legal basis is Art. 6(1)(f) GDPR.
6.5 Targeting, Delivery, and Campaign Measurement
Depending on the campaign, we process technical, pseudonymous, aggregated, or personal data in order to deliver advertising, create audiences, measure campaigns, limit frequency, prevent misuse, and provide reports.The specific legal basis depends on the relevant campaign model, the technologies used, and the applicable data protection role allocation. Where consent is required, processing is carried out on the basis of Art. 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.Where processing is necessary and permissible for the performance of a contract or for the purposes of legitimate interests, it is carried out on the basis of Art. 6(1)(b) or Art. 6(1)(f) GDPR.We use non-essential cookies, pixels, SDKs, local storage technologies, or similar technologies only where valid consent has been obtained, to the extent required by law.
6.6 AI-Based Commercial Creation
If you instruct us to create an AI-based advertising commercial, we process the content and briefing data you provide in order to create, edit, approve, bill, and deliver the commercial.The legal basis is Art. 6(1)(b) GDPR. Where content shows identifiable persons or otherwise contains personal data of third parties, the customer is responsible for ensuring that the provision and use of such data is lawful and that the necessary rights, consents, or other legal bases are in place.
6.7 Payment Processing and Accounting
We process payment, invoice, and accounting data for billing, payment processing, tax documentation, and compliance with statutory retention obligations.The legal bases are Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR.
6.8 Direct Marketing to Business Customers
We may use business contact data to inform existing customers and prospects about our own similar SimpleBid services, where legally permissible.The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in addressing business contacts for marketing purposes. You may object to the processing of your data for direct marketing purposes at any time.
6.9 Legal Enforcement and Compliance
We process data where this is necessary for the establishment, exercise, or defense of legal claims, fraud prevention, sanctions screening, misuse prevention, or compliance with legal obligations.The legal bases are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR.
7. Cookies, Similar Technologies, and Consent Management
Our website and platform may use cookies, pixels, local storage, session storage, SDKs, tags, or similar technologies.
7.1 Technically Necessary Technologies
We use technically necessary technologies to provide the website and platform, enable login sessions, ensure security, store language settings, document consent decisions, or provide booking functions.Where these technologies are strictly necessary, access to the end device is based on Section 25(2) TDDDG. The subsequent processing of personal data is generally based on Art. 6(1)(b) or Art. 6(1)(f) GDPR.
7.2 Analytics, Marketing, and Tracking Technologies
Analytics, marketing, retargeting, conversion, or other non-essential technologies are used only with your consent, where required by law.The legal bases are Section 25(1) TDDDG for access to the end device and Art. 6(1)(a) GDPR for the subsequent processing of personal data.You can withdraw or change your consent at any time with effect for the future via our consent tool. You can access the cookie settings at any time via the “Cookie Settings” link in the footer of our website.
7.3 Cookie Overview
An up-to-date overview of the cookies and similar technologies used can be found in our consent tool under “Cookie Settings”.There, we provide information in particular about providers, purposes, storage periods, categories, and any possible transfer to third countries.
8. Service Providers and Recipients
We may disclose personal data to the following categories of recipients where this is necessary for the respective purposes:hosting and cloud service providers;IT, security, and maintenance service providers;CRM, email, and communication tools;payment service providers and banks;tax advisors, legal advisors, and auditors;ad servers, demand-side platforms, supply-side platforms, publishers, marketers, and media partners;analytics, tracking, and consent management providers;AI tool providers, creative service providers, voice-over providers, stock material providers, and production service providers;public authorities, courts, and other public bodies where legally required.Where service providers process personal data on our behalf, we enter into data processing agreements pursuant to Art. 28 GDPR.
9. Data Processing by Publishers, Marketers, and Media Partners
When digital advertising is delivered, publishers, marketers, platforms, and other media partners may carry out their own data processing activities. Depending on the specific setup, these partners may act as independent controllers, joint controllers, or processors.The specific role allocation depends on the relevant campaign, inventory, technologies used, and contractual relationships. Where required, we provide additional information or agreements.
10. Transfers to Third Countries
We may use service providers that process personal data outside the European Union or the European Economic Area.Such transfers take place only if the statutory requirements are met, in particular if an adequacy decision by the European Commission exists, appropriate safeguards such as EU Standard Contractual Clauses have been agreed, or a statutory derogation applies.
11. Storage Period
We store personal data only for as long as necessary for the respective purposes or for as long as statutory retention periods apply.Typical retention periods are:technical log data: generally up to 30 days, unless longer storage is required for security reasons;contact inquiries: until final processing of the inquiry and thereafter in accordance with statutory limitation periods;contract, invoice, and accounting data: generally six to ten years in accordance with statutory retention obligations;customer account and platform data: for the duration of the contractual relationship and thereafter in accordance with statutory obligations and legitimate interests;campaign data and reports: for the duration of the campaign and thereafter in accordance with contractual, tax, and legal requirements;consent data: for the duration of the obligation to demonstrate consent.
12. Obligation to Provide Data
The provision of certain data is necessary in order to enable our website, platform, contracts, campaign bookings, billing, or communication. Without such data, we may be unable to provide certain services, or may only be able to provide them on a limited basis.The provision of data for non-essential analytics, marketing, or tracking technologies is voluntary.
13. Automated Decision-Making and Profiling
As a rule, we do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you within the meaning of Art. 22 GDPR.In the context of digital advertising, automated systems may be used for campaign delivery, audience segmentation, frequency capping, fraud prevention, budget optimization, or bidding logic. These processes serve the technical and economic implementation of campaigns and generally do not produce legal effects for data subjects.
14. Rights of Data Subjects
Subject to the statutory requirements, data subjects have the following rights:right of access;right to rectification;right to erasure;right to restriction of processing;right to data portability;right to object to processing based on legitimate interests;right to withdraw consent with effect for the future;right not to be subject to a decision based solely on automated processing within the meaning of Art. 22 GDPR.To exercise your rights, you can contact us at support@simplebid.io.
15. Objection to Direct Marketing
You may object to the processing of your personal data for direct marketing purposes at any time. We will then no longer process your data for such purposes.
16. Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority may be the authority of your habitual residence, your place of work, or the place of the alleged data protection infringement.For SimpleBid, due to its registered office in Hamburg, the following supervisory authority is in particular competent:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22
20459 Hamburg
GermanyWebsite: https://datenschutz-hamburg.de
17. Data Security
We take technical and organizational measures to protect personal data against loss, misuse, unauthorized access, alteration, or disclosure.These measures include, in particular, access restrictions, encryption, authorization concepts, logging, security updates, and service provider controls.
18. Changes to this Privacy Policy
We may update this Privacy Policy if our data processing activities, our platform, legal requirements, or technical circumstances change.The current version is available on our website.