Skip to content
Sign in Register Request a demo
Sign in Request a demo Register
Register

Platform privacy policy

Last updated: May 2026

In this Privacy Policy you will find information on the processing of personal data that takes place in the Readpeak platform and related services. In this Privacy Policy, we explain how personal data is processed in connection with the delivery, optimisation, measurement and protection of digital advertising services provided through the Readpeak platform. To ensure your privacy, Readpeak complies with applicable data protection and privacy legislation, including the EU General Data Protection Regulation (“GDPR”), the ePrivacy rules applicable in relevant jurisdictions, and, where applicable, the UK GDPR.

We generally rely on consent obtained for us by the clients or partners that use our platform and services where consent is required, including for cookies and similar technologies used for advertising, measurement or profiling. Our platform is designed to collect and use pseudonymous data, such as cookie IDs, first-party IDs, mobile advertising identifiers, bid request identifiers and IP addresses. We do not intentionally collect directly identifiable data such as your name or postal address in connection with our advertising delivery services, and we do not intentionally collect special category data for advertising purposes.

For privacy information related to the Readpeak website, please visit our Website Privacy Policy and Cookie Policy.

About Readpeak Services

Readpeak provides a digital advertising technology platform used by advertisers, publishers and other partners to buy, sell, deliver, measure and optimise advertising on websites, mobile applications and similar online media environments.

Depending on the setup, Readpeak may act as:

  • a demand-side platform (DSP) in programmatic transactions; 
  • a supply-side or monetisation partner (SSP partner) in header bidding or similar supply-side integrations; 
  • an ad serving and optimisation provider in direct publisher integrations; and 
  • a processor for certain client-provided data, such as CRM or audience data uploaded by advertisers or publishers for matching, audience creation or suppression. 

Readpeak’s services include:

  • automated bidding and ad decisioning; 
  • delivery of native and other digital advertising; 
  • campaign measurement and reporting; 
  • invalid traffic (“IVT”), fraud and abuse detection; 
  • frequency capping and pseudonymous audience management; 
  • attribution and advertiser landing-page measurement where Readpeak tracking technology is deployed; and 
  • service analytics, research and development, and model improvement. 

These services may operate in one or more of the following ways:

  • Programmatic advertising: Readpeak may receive bid requests from SSPs, exchanges or other supply partners and determine whether to bid on behalf of advertisers. 
  • Header bidding: Readpeak may receive requests directly from a publisher’s header bidding wrapper or similar implementation and participate as a supply-side partner competing for placement. 
  • Direct integrations: Readpeak may receive ad requests directly from a publisher through a tag, SDK or similar integration and deliver ads in exclusive or directly integrated placements. 
  • Advertiser-side measurement: Where an advertiser deploys Readpeak measurement or tracking technology on its own site or landing page, Readpeak may collect post-click and attribution-related data, subject to applicable legal requirements. 

Data Collection

As part of the services, Readpeak may collect or receive personal data relating to users’ interactions with client advertisements, publisher websites or applications, advertiser landing pages, and other digital environments where Readpeak technology is deployed.

This may include:

  • device and network data, such as IP address, user agent, browser type and version, operating system, device type and similar technical information; 
  • online identifiers, such as Readpeak cookie IDs, user IDs, publisher provided IDs, mobile advertising IDs, auction IDs, bid request IDs, click IDs, consent strings and similar identifiers; 
  • contextual and placement data, such as page URL, app name, ad placement, site or app category, and publisher domain; 
  • advertising transaction and measurement data, such as bid requests, bids, auction outcomes, impressions, clicks, viewability signals, conversions and campaign performance data; 
  • browser and environment signals used for invalid traffic and fraud detection; and 
  • client-provided data, such as CRM or audience data uploaded by advertisers or publishers for audience matching, audience suppression or similar purposes. 

We collect data through Readpeak’s tracking technology, which may employ cookies, pixels, SDKs, scripts and similar technologies. We may also receive data through bid requests, ad requests, header bidding wrappers, publishers, advertisers, and other partners.

When Readpeak technology is executed in a user’s browser, including when an ad is rendered, clicked, measured or otherwise interacted with, Readpeak may collect additional browser, device or environment signals for ad delivery, measurement, attribution, optimisation and invalid traffic detection.

In direct publisher integrations, and subject to applicable legal requirements, Readpeak or the publisher may also use a first-party identifier on the publisher’s domain as a fallback where third-party cookies are unavailable.

Readpeak may also conduct cookie syncing or other pseudonymous ID matching with third-party platforms or partners, such as advertising, measurement or monetisation partners, in order to support campaign delivery, attribution, measurement, fraud prevention and interoperability within the digital advertising ecosystem. Any such syncing is carried out using pseudonymous identifiers rather than directly identifying information.

Where advertisers or publishers provide client data through our platform, including CRM or audience data, Readpeak processes that data in accordance with the applicable agreement and, where relevant, as a processor on behalf of the client.

Data Use

Readpeak uses personal data to provide advertising services to its clients and partners. This includes the following purposes:

  • Advertising delivery and performance measurement: Data is used to deliver advertising, analyze and report on advertising performance, and match user actions with particular campaigns, targeting settings, publishers, placements and advertisements. 
  • Targeting, sequencing and optimisation: Data is used to improve advertising efficiency and relevance, for example by sequencing ads, selecting ads based on contextual or pseudonymous signals, optimising bids and delivery, and determining whether any ad should be displayed at all. 
  • Frequency management and user-level pseudonymous controls: IDs may be used to limit advertising exposure for a browser or device and to enable more relevant advertising and campaign management. 
  • User choice compliance: IDs may be used to comply with users’ opt-out requests, consent choices, objections or suppression instructions.
  • Invalid traffic, fraud, malware and abuse prevention: Data is used to detect and prevent invalid traffic, denial-of-service attacks, automated bot activity, spoofing, malware and other fraudulent or abusive activities. 
  • ID matching and interoperability: Pseudonymous identifiers may be synchronized or otherwise matched with other online advertising services or partners for purposes such as serving advertising, measurement, attribution, frequency management, fraud prevention and evaluating the performance of advertising campaigns run through the Readpeak platform. 
  • Buying and selling digital advertising: Data is used to enable the buying and selling of online advertising, including evaluating inventory, calculating bids, submitting bids or responses, and managing auction outcomes. 

In addition, data may be used for internal research, analytics and service development, including to analyze use of Readpeak’s services, improve existing features and functionalities, develop new services, and develop or train models and algorithms used in campaign delivery, optimisation, measurement and fraud prevention.

Where client-provided CRM or audience data is processed by Readpeak on behalf of a client, Readpeak uses that data only to provide the instructed service, such as audience matching, creation or suppression, and not for its own independent purposes unless separately agreed and lawfully permitted.

Data Retention

The typical lifetime of cookies or similar identifiers created in the context of the services is limited and may vary depending on technical configuration, browser restrictions, legal requirements and the nature of the relevant service. The typical lifetime of the cookies created in context of the services is 90 days, although this duration may be changed to a different and shorter duration within the scope of what is permissible by law at any time and without advance notice to our clients and end users. The collected data is stored for 13 months.

Where client data such as CRM or audience data is processed on behalf of a client, such data is retained in accordance with the relevant client agreement and the client’s documented instructions.

For more information on cookies and retention times, please see our Cookie Policy.

Legal Basis for Processing

Data is processed only where there is a valid legal basis for doing so.

Where required by law, including under applicable cookie and ePrivacy rules, Readpeak places or reads cookies and similar technologies on the basis of the user’s consent, typically obtained by the publisher, advertiser or other partner operating the relevant site or application and communicated to Readpeak through a consent signal or similar mechanism.

Further processing may, depending on the circumstances and applicable law, be based on Readpeak’s legitimate interests. In particular, we may rely on legitimate interests to:

  • use limited data to select and optimise advertising in circumstances where consent is not required and such processing is lawful; 
  • measure advertising performance and campaign effectiveness; 
  • develop, improve and secure our services; 
  • detect and prevent invalid traffic, fraud, abuse, malware and security threats; and 
  • maintain suppression records and honour user choices. 

Given the types of data, the nature of processing and the choices available to you, we have assessed that your interests or fundamental rights or freedoms do not override the legitimate interest described above. For more information on our legitimate interest, please visit: Legitimate interest assessment (LIA) – Readpeak.  You can, however, object processing based on legitimate interest at any time as described below. 

Where Readpeak processes client-provided CRM or audience data solely on behalf of a client, the applicable legal basis is determined by that client acting as controller, and Readpeak acts as processor under the applicable data processing agreement.

Data Processing Roles

Readpeak’s services form one part of the online advertising ecosystem. This means that when providing our services, we work together with publishers, advertisers, technology partners and other counterparties.

Depending on the specific processing activity, Readpeak may act as an independent controller, joint controller or processor.

  • Readpeak as independent controller: Readpeak acts as an independent controller where it independently determines the purposes and means of processing, including for example bidding and auction decisioning, campaign optimisation, ad serving logic, measurement, invalid traffic and fraud detection, service analytics, internal research and model improvement, and other downstream processing carried out by Readpeak for its own lawful purposes. 
  • Readpeak and publisher as joint controllers: Where Readpeak tags, SDKs, scripts, cookies or similar technologies are intentionally implemented on a publisher’s site or application in order to collect or transmit personal data for advertising, monetisation, measurement or optimisation purposes, Readpeak and the publisher may act as joint controllers within the meaning of Article 26 GDPR. In such cases, responsibilities are allocated between the parties, typically as follows:
  • the publisher integrates the relevant technology on its property; 
  • the publisher is typically responsible for the user-facing notice and, where required, consent interface on its property and for communicating the relevant user choices to Readpeak; and 
  • Readpeak is responsible for its own downstream privacy compliance, security and rights handling in relation to the processing it carries out.
  • Readpeak and advertiser as joint controllers: Where Readpeak and an advertiser or other client jointly determine the purposes and essential means of campaign-related tracking, measurement, attribution or optimisation, including where Readpeak technology is deployed on an advertiser landing page, the parties may act as joint controllers for that processing. 
  • Readpeak as processor: With respect to client data, such as CRM data, customer lists or online behavioural data provided by an advertiser or publisher via our platform for audience matching, creation or suppression, Readpeak acts as a processor. Such processing is governed by the data processing agreement entered into between Readpeak and the relevant client. 
  • Other advertising technology providers: Other SSPs, DSPs, exchanges, measurement providers, identifier partners and similar counterparties typically act as independent controllers for the processing they carry out for their own purposes, unless otherwise agreed. 

Data Transfers

To the extent that we transfer personal data outside the European Union, the European Economic Area or the United Kingdom, including to clients, partners, service providers or group entities located in other jurisdictions, we rely on appropriate data protection safeguards as required by applicable law. These may include an adequacy decision, the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and/or the European Commission’s Standard Contractual Clauses, as applicable. 

Compliance with IAB Europe Transparency & Consent Framework

Readpeak is part of the IAB Europe Transparency & Consent Framework and complies with the applicable policies and specifications of that framework. Readpeak vendor ID is 290.

Readpeak is a participant in the IAB UK Gold Standard and holds verification by the Trustworthy Accountability Group (TAG), demonstrating our adherence to recognized industry standards for transparency, accountability, and quality.

Your Rights

As a data subject, you have the rights granted under applicable data protection law, including the right:

  1. to access your personal data and request rectification or erasure where applicable; 
  2. to request restriction of processing; 
  3. to receive a copy of your personal data in a portable format where applicable; 
  4. to withdraw your consent at any time where processing is based on consent, including through the relevant cookie consent mechanism where available; 
  5. to object to processing based on legitimate interests; and 
  6. to lodge a complaint with the competent data protection authority. There is a data protection authority in each EU and EEA country as well as in the UK. Please contact the authority of your country of residence for more information on how to complain. The contact details for the Finnish Data Protection Ombudsman may be found here: www.tietosuoja.fi.  

Because we generally process pseudonymous data in the advertising context, we may not know the real-world identity of the individual associated with a particular identifier. In some cases, this means we may need additional information from you in order to authenticate and fulfil a rights request. We will nevertheless seek to honour valid consent withdrawal, opt-out and objection choices through the relevant privacy or consent mechanisms where technically possible.

Automated Decisions

Our services may be used to profile users in order to deliver advertising, optimise campaigns, manage frequency or detect invalid traffic and fraudulent activity. However, Readpeak does not make automated decisions that produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR.

Additional information for U.S. residents

If you are a resident of a U.S. state that grants privacy rights under applicable law, Readpeak will handle your personal data in accordance with such laws to the extent they apply to Readpeak’s processing activities.

Depending on the applicable law and Readpeak’s role in the relevant processing, you may have the right to:

  • know whether Readpeak processes your personal data and to access such data; 
  • request deletion of your personal data; 
  • request correction of inaccurate personal data; 
  • obtain a copy of certain personal data in a portable format, where applicable; 
  • opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects, where applicable; and 
  • not be discriminated against for exercising any privacy rights granted by law. 

Readpeak generally processes pseudonymous identifiers and other data associated with browsers, devices and advertising interactions rather than directly identified individuals. As a result, Readpeak may need additional information to verify a request and may not always be able to associate a request with a particular browser, device or identifier unless sufficient information is provided.

Where required by applicable U.S. law, Readpeak will honour valid opt-out preference signals, consent choices or other user controls communicated through recognised privacy mechanisms or through the publisher, advertiser or other partner operating the relevant website, application or digital property.

Readpeak does not sell personal data for monetary consideration; however, certain disclosures of pseudonymous identifiers and advertising-related data within the digital advertising ecosystem may be considered “sale,” “sharing,” or processing for “targeted advertising” under certain U.S. state privacy laws. Where such laws apply, Readpeak will provide the rights and opt-out choices required by law.

If you wish to exercise any rights available to you under applicable U.S. law, you may contact Readpeak using the contact details set out below. Where permitted by law, Readpeak may take reasonable steps to verify your identity and the scope of your request before responding. If Readpeak denies your request, you may have the right to appeal that decision in accordance with applicable law and the instructions provided in our response.

For the avoidance of doubt, this section supplements, and does not replace, the rights and information set out elsewhere in this Privacy Policy.

Contact

Should you have any privacy concerns, please contact Readpeak by post at Tammasaarenlaituri 3, 00180 Helsinki, Finland or via email at info@readpeak.com.

Changes

We are continuously developing our business and services, which is why we may occasionally need to make changes to this Privacy Policy. We will inform you about any changes we make, either personally or through our services. We suggest that you check this page periodically.