Privacy Policy

1. Identity of the Data Controller

The website tjrinteractive.io and the TJr Interactive platform are operated by:

Ted Jordan SRL is registered under Belgian law and subject to GDPR (Regulation (EU) 2016/679) as applicable within the European Economic Area (EEA).

Where TJr Interactive processes personal data collected through advertising campaigns on behalf of its clients (advertisers), Ted Jordan SRL acts as a data processor under Article 28 GDPR and the relevant advertiser acts as the data controller.

2. Scope of This Policy

This Privacy Policy applies to:

• Visitors to tjrinteractive.io and its subdomains;
• Users of the TJr Interactive platform (advertiser accounts, admin users);
• Any individual whose data is processed in connection with our business operations.

This policy does not cover the data collection that occurs inside MRAID banner creatives served to end-users on behalf of advertisers. That processing is governed by the Creative Data Collection Notice displayed within each banner, and by the data controller's (advertiser's) own privacy policy.

3. Personal Data We Collect

3.1 Platform Users (Advertiser Accounts)

When you create or access a TJr Interactive account, we collect:

• Identity data: name, job title, company name;
• Contact data: email address;
• Authentication data: hashed passwords (bcrypt, never stored in plain text);
• Usage data: session logs, IP addresses, browser/device information, actions performed within the platform.

3.2 Website Visitors

When you browse tjrinteractive.io, we may collect:

• IP address and approximate geolocation (country/city level);
• Browser type, language, operating system;
• Pages visited, referral URLs, time spent;
• Cookie identifiers (see Section 5).

3.3 Contact & Communication

When you contact us via email or our contact form, we collect the information you provide (name, email, message content).

3.4 End-User Data Processed on Behalf of Advertisers

Through our MRAID banner platform, TJr Interactive may process data submitted by end-users within advertising creatives (e.g. survey responses, lead information). This data is processed exclusively:

• On the documented instruction of the relevant advertiser (data controller);
• For the purposes described in the campaign's data collection notice;
• In accordance with a Data Processing Agreement (DPA) signed between TJr Interactive and the advertiser.

TJr Interactive does not use this end-user data for its own marketing, profiling, or any purpose beyond service delivery to the advertiser concerned.

4. Purposes & Legal Bases

We process personal data on the following legal bases under Article 6 GDPR:

• Contract performance (Art. 6(1)(b)): Creating and managing platform accounts; delivering the TJr Interactive service; billing and invoicing.
• Legitimate interests (Art. 6(1)(f)): Platform security (fraud prevention, abuse detection); improving our service; internal analytics and reporting; responding to enquiries. Our legitimate interests do not override your fundamental rights and freedoms.
• Consent (Art. 6(1)(a)): Non-essential cookies and tracking technologies (see Section 5); marketing communications where required. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): Compliance with applicable Belgian and EU law, including accounting and tax requirements.

5. Cookies & Tracking Technologies

We use the following categories of cookies on tjrinteractive.io:

5.1 Strictly Necessary Cookies

These cookies are essential for the platform to function and cannot be disabled. They include:

• tjr_token — authentication session cookie (httpOnly, Secure, 8-hour expiry);
• CSRF protection tokens.

5.2 Functional Cookies

Used to remember your preferences (e.g. language, timezone). These can be disabled without affecting core functionality.

5.3 Analytics Cookies

Subject to your consent, we may use privacy-preserving analytics tools to understand how the site is used. These tools are configured to anonymise IP addresses and not share data with third-party ad networks.

5.4 Managing Cookies

You can manage or delete cookies via your browser settings at any time. Disabling necessary cookies may prevent you from logging in. For more information, visit allaboutcookies.org.

6. Data Retention

• Platform accounts: Retained for the duration of the contractual relationship + 3 years for legal compliance;
• Campaign data (end-user responses): Retained as agreed in the DPA with each advertiser, typically 24 months from campaign end;
• Security logs: 12 months;
• Contact enquiries: 3 years from last contact;
• Cookie data: Session cookies expire on browser close; persistent cookies per stated expiry.

After retention periods, data is securely deleted or anonymised.

7. Recipients & International Transfers

We may share personal data with:

• Hosting provider: Our VPS infrastructure is hosted in the European Union (Hostinger, EU datacentres). No data is transferred outside the EEA for hosting purposes.
• Payment processors: If applicable, subject to their own GDPR-compliant policies.
• Advertisers (data controllers): End-user data collected via their campaigns is transmitted to them as data controllers under a signed DPA.
• Legal authorities: Where required by law or court order.

We do not sell, rent, or share personal data with third-party advertisers or data brokers for their own marketing purposes.

Where any transfer outside the EEA is required, we ensure adequate safeguards are in place (Standard Contractual Clauses, adequacy decisions).

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of access (Art. 15): Obtain a copy of your personal data;
• Right to rectification (Art. 16): Correct inaccurate data;
• Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten");
• Right to restriction of processing (Art. 18);
• Right to data portability (Art. 20): Receive your data in a machine-readable format;
• Right to object (Art. 21): Object to processing based on legitimate interests;
• Right to withdraw consent: At any time, without affecting prior processing.

To exercise any of these rights, contact us at privacy@tjrinteractive.io. We will respond within 30 days.

You also have the right to lodge a complaint with your national supervisory authority. In Belgium: Autorité de protection des données (APD) — Drukpersstraat 35, 1000 Brussels.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• TLS/HTTPS encryption for all data in transit;
• bcrypt hashing of passwords (never stored in plain text);
• JWT session tokens stored in httpOnly, Secure cookies;
• IP-based and account-level rate limiting;
• VPS access restricted to authorised personnel via SSH key authentication;
• Regular security reviews and dependency updates.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

10. Minors

The TJr Interactive platform is intended exclusively for business users (B2B). We do not knowingly collect personal data from individuals under 16 years of age through this website. Our advertising solutions include controls to comply with applicable restrictions on advertising to minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Where changes are material, we will notify platform users by email or via an in-platform notice at least 30 days before the changes take effect. Continued use of the platform after that date constitutes acceptance of the updated policy.

12. Contact Us

This document constitutes the general site privacy policy of TJr Interactive (tjrinteractive.io), operated by Ted Jordan SRL. For the privacy policy governing data collection within advertising creatives, see the Creative Data Collection Notice.