Creative Data Collection Notice

Who should read this notice? This notice is intended for end-users who have interacted with an interactive banner advertisement powered by TJr Interactive's technology, as well as for advertisers using the TJr Interactive platform who wish to understand their obligations as data controllers.

Table of Contents

Data Controller vs. Data Processor — Who is Responsible?
What Data is Collected in the Creative?
Why is This Data Collected?
Legal Basis for Processing
Who Receives Your Data?
Retention
Your Rights
Obligations of Advertisers Using TJr Interactive
Contact

1. Data Controller vs. Data Processor — Who is Responsible?

Under the GDPR, there are two distinct roles when personal data is collected through an advertising creative:

Data Controller

The Advertiser

The company or brand whose campaign you interacted with. They determine the purpose and means of data collection — i.e., what questions are asked, what data is collected, and how it will be used. They are primarily responsible for your data and your rights under GDPR.

Data Processor

TJr Interactive (Ted Jordan SRL)

We provide the technical infrastructure (the MRAID creative platform) and process your data solely on the documented instruction of the advertiser. We act as a processor under Article 28 GDPR. We do not use your data for our own marketing or profiling.

Practical implication If you wish to exercise your data rights (access, erasure, portability, etc.), your primary point of contact is the advertiser whose campaign you interacted with. TJr Interactive will fully assist that advertiser in honouring your request. You can also contact TJr Interactive directly at privacy@tjrinteractive.io.

2. What Data is Collected in the Creative?

Depending on the campaign type, the following categories of personal data may be collected through a TJr Interactive banner:

2.1 Audience Insight Campaigns (Market Research)

Survey responses (opinions, preferences, behavioural data);
Demographic data if included in the questionnaire (e.g. age group, country of residence);
Timestamp of response;
Anonymous device/session identifier (for deduplication — not linked to identity).

Audience Insight campaigns are designed to be anonymous by default. Personal identifiers (name, email) are not collected unless explicitly required by the campaign and disclosed in the creative.

2.2 Lead Generation Campaigns

First name and/or last name;
Email address;
Phone number (if requested);
Any additional fields as specified in the creative and disclosed to you at the time of collection;
Consent timestamp and creative version (for audit trail).

Lead generation campaigns collect directly identifying personal data. This data is transmitted to the advertiser (data controller) in real time or in batch, as configured.

3. Why is This Data Collected?

The purpose of data collection is determined by the advertiser (data controller). Typical purposes include:

Market research: Understanding consumer opinions, preferences, and behaviour for commercial or strategic research purposes;
Lead generation: Identifying and qualifying potential customers for the advertiser's products or services;
Campaign measurement: Measuring completion rates and engagement (aggregated, not individual).

TJr Interactive processes the data collected only for the above purposes on behalf of the advertiser. We do not use end-user data for our own advertising, profiling, or commercial purposes.

4. Legal Basis for Processing

The legal basis for processing your data depends on the campaign type and is the responsibility of the advertiser to establish and disclose:

Consent (Art. 6(1)(a) GDPR): Typically used for lead generation campaigns. You provide consent by voluntarily completing and submitting the form in the creative. You have the right to withdraw consent at any time.
Legitimate interests (Art. 6(1)(f) GDPR): May apply to anonymised market research surveys where no directly identifying data is collected.

The applicable legal basis, the identity of the data controller, and the purposes of processing must be disclosed in the creative itself before you submit any data. If this information was not clearly presented to you, you have the right to object and to contact the advertiser or TJr Interactive.

5. Who Receives Your Data?

The Advertiser (data controller): Your response data is transmitted to the advertiser whose campaign you interacted with. They receive it as the primary data controller and are responsible for its further use.
TJr Interactive (Ted Jordan SRL): We retain a secure copy of collected data for the duration specified in our Data Processing Agreement with the advertiser, solely for service delivery, security, and compliance purposes.
No third-party sharing: Your data is not sold to, shared with, or licensed to any other party without your explicit consent or a legal obligation to do so.

6. Retention

Retention periods are set by the advertiser (data controller) and agreed in the Data Processing Agreement. Typical periods are:

Survey/insight data: 12 to 24 months from campaign end;
Lead data: As determined by the advertiser's own retention policy, typically 12 to 36 months;
Audit logs (consent records): Minimum 3 years for compliance purposes.

After the retention period, data is securely deleted from TJr Interactive's systems. The advertiser remains responsible for deleting data from their own systems.

7. Your Rights

As a data subject, you have the following rights under GDPR, regardless of whether you contact the advertiser or TJr Interactive:

Right of access: Know what data was collected about you;
Right to rectification: Correct inaccurate data;
Right to erasure: Request deletion of your data;
Right to withdraw consent: Revoke consent for lead generation at any time (this does not affect processing that occurred before withdrawal);
Right to object: Object to processing on legitimate interests grounds;
Right to lodge a complaint: With your national data protection authority.

How to exercise your rights Contact the advertiser whose creative you interacted with using the contact details they provided in the banner or their own privacy policy.

Alternatively, contact TJr Interactive at: privacy@tjrinteractive.io — we will identify the relevant advertiser and facilitate your request within 30 days.

8. Obligations of Advertisers Using TJr Interactive

Advertisers who use the TJr Interactive platform to run data-collecting campaigns must:

Act as the data controller under GDPR and assume full responsibility for end-user data collected via their campaigns;
Sign a Data Processing Agreement (DPA) with Ted Jordan SRL before running any data-collecting campaign;
Ensure that a clear and accessible privacy notice is displayed within the creative before data collection begins. This notice must specify: the identity and contact details of the data controller, the purpose and legal basis of processing, the categories of data collected, data retention periods, and user rights;
Ensure that any consent obtained is freely given, specific, informed, and unambiguous as required by GDPR Art. 7;
Not use collected data for any purpose beyond those disclosed in the creative privacy notice;
Ensure that the campaign complies with applicable advertising regulations, including restrictions on advertising to minors;
Respond to data subject rights requests without undue delay (maximum 30 days).

Advertisers who fail to comply with these obligations are solely responsible for resulting regulatory or legal consequences. TJr Interactive reserves the right to suspend campaigns that are found to be non-compliant.

9. Contact

TJr Interactive — Data Protection Ted Jordan SRL
Email: privacy@tjrinteractive.io
Subject: "Creative Privacy — [Campaign Name / Advertiser Name]"
Response time: 30 calendar days

This notice is specific to data collection within advertising creatives. For the general website privacy policy covering your use of tjrinteractive.io, see Privacy Policy.