Last Updated: 21-07-2025
-
Introduction
At ShieldHub Ltd., we are committed to protecting the privacy of individuals while providing digital marketing and advertising services to our Clients. Our role is to connect advertisers with high-quality advertising inventory through a curated network of supply partners and technology platforms (Partners).
We do not collect or directly process personal data from You (our Clients). However, the delivery of ads may involve the use of third-party technologies that process certain information of visitors of our Partners websites (Visitors) to ensure ad placement, performance measurement, and when permitted, personalization.
The purpose of this Privacy Notice is to explain:
- What kind of personal data is gathered in connection with our Services
- For what purposes is used
- How it is protected
- What choices Visitors have regarding their personal data
-
Who We Are
ShieldHub Ltd.
The Victoria Centre, Unit2, Lower Ground Floor
Valletta Road, Mosta
MST9012, Malta
Email: info@shieldhub.net
We are a curated platform supplier providing digital marketing services to advertisers – our Clients. Our Service includes helping advertisers – our Clients, to access premium advertising inventory across websites, apps, and connected environments via partnerships with independent ad technology companies – our Partners.
In the delivery of our Services, we act as a Data Processor on behalf of You (our Clients), who are the Data Controllers. We serve as an intermediary, connecting You with relevant Partners’ network of websites where You can place Your ads — such as Facebook, Google, or any other advertising platform where You wish to run Your campaign targeting Visitors to the Partners’ network of websites These Partners act as Independent Data Controllers for the Visitors exposed to an ad placed on their network of websites. To understand how our Partners use information from sites or apps that use their services (including cookies and similar technologies), you may consult their privacy page, for example, Google’s privacy policy at:
https://policies.google.com/technologies/partner-sites
-
How Data is Collected?
Although ShieldHub does not collect personal data directly, however via our technology Partners and supply Partners we may process pseudonymous personal data of the Visitors of their network of websites (Personal Data) through the use of:
- Cookies: Small text files stored on visitor device to recognize browsers or devices across visits
- Pixel Tags and Web Beacons: Invisible images or code snippets that track interactions with ads or content
- Mobile SDKs: Software tools integrated into apps for ad delivery and measurement on mobile devices
- Device Identifiers: Such as Apple’s IDFA or Android’s AAID
- Connected TV Identifiers: Used for advertising on connected TV devices
This data is pseudonymized, meaning it cannot directly identify Visitor of Partners website as an individual. The identifiers used (such as cookies or device IDs) are linked to devices or browsers not to real-world identity like names, addresses, or contact details. These technologies collect certain information for technical ad delivery, frequency capping, fraud prevention, performance reporting, personalisation and when consent is provided.
-
What Personal Data Do We Collect, for What Purposes and on Which Legal Ground?
Delivery of our Service requires placing a cookie (or similar technology) on the Partner’s network of websites. This is necessary to deliver our Service ,specifically, to place Your advertisement in the appropriate segment, for the personalisation of the advertisements if consent is given by the website’s Visitor and to measure the success of the campaign.) Therefore, we might process the following categories of pseudonymous Personal Data about Visitors of Partners websites, collected via this technology:
- IP Address (used for approximate geolocation, fraud prevention, and ad delivery)
- Device and Browser Information (e.g., browser type, operating system, screen resolution)
- Cookie Identifiers or Pseudonymous IDs (for ad delivery and frequency capping)
- Mobile Ad Identifiers (e.g., IDFA, AAID)
- Ad Interaction Data (such as impressions, clicks, or video completions)
- Contextual Information (such as the type of page or app content where ads are displayed)
Please note that as part of our Services we do not collect any information that could directly identify Visitors. This means we do not know who the Visitors are, their name, address, place of work, date of birth, email address, or phone number. We do not collect special categories of Personal Data as defined under the General Data Protection Regulation (such as your religious affiliation, political opinions or health details). We do not create segments and do not specifically target children under 18 or 21 years old respectively according to applicable laws.
As for our Partners, please note that we always aim to cooperate with those who strictly follow and comply with relevant privacy and data protection regulations. As noted, our Partners process their Visitors’ Personal Data in accordance with their own data protection notices or policies, and they always obtain adequate consent from Visitors of a website, in order to target them with online advertising.
| Purpose | Legal Basis |
| Technical delivery of advertisements | Legitimate Interest |
| Measurement of ad performance | Consent |
| Preventing fraud and ensuring security | Legitimate interest |
| Ad personalization | Consent |
| Developing and improving advertising services | Consent |
-
Data Sharing and Transfers
ShieldHub may share Personal Data that it processes in provisioning of the Services, subject to appropriate data processing agreements, with carefully selected third parties/vendors with whom we need to cooperate in order to provide our Services. Therefore, Personal Data may be shared, for example, with the following third parties for the purposes outlined below:
- Supply-side partners (publishers and ad inventory providers) for the purpose of placing the ad in the right segment
- Demand-side platforms (DSPs) and advertisers for the purpose of placing the ad in the right segment
- Fraud detection tools for security purposes
- Measurement and technology partners that help us to measure success and delivery of advertising campaigns
- Infrastructure and hosting services providers
Personal Data may also be disclosed if required by law, for the purpose of legal claims, or in the case of corporate transactions such as mergers or acquisitions. Please note that we will never sell Personal Data processed within provisioning of our Services!
All of our third-party vendors are located within the European Economic Area (EEA). If we ever need to transfer Personal Data to a vendor or authority outside the EEA, please be assured that we will only do so in accordance with applicable data protection laws, such as conducting a Transfer Impact Assessment and implementing Standard Contractual Clauses.
Please note that location of our Partners depends on your choices where you want to place your advertisement.
-
Data Retention
Data used for advertising is typically retained by our Partners for up to 13 months, depending on local regulations and the type of identifier used (e.g., cookie vs. mobile ID).
Server logs may be retained for security and debugging purposes for up to 50 days. The lifespan of the cookies leveraged by ShieldHub is limited to 30 days.
-
Data Subject’s Rights
Please note that, in line with the General Data Protection Regulation (GDPR), Visitors have the following rights with respect to their Personal Data:
- Access: Know what Personal Data is collected along with information how is processed
- Correction: Fix inaccurate or incomplete Personal Data
- Deletion: Request Personal Data removal, where that is possible and in line with applicable law
- Restriction: Limit how Personal Data is processed
- Objection: Object to and opt out of certain processing (e.g., ad personalization), profiling and automated decision making, etc.
- Portability: Request transfer of Personal Data to any third party
- To lodge a complaint: with a supervisory authority in a Visitor country of residence or with the authority of our establishment – the Office of the Information and Data Protection Commissioner in Malta (IDPC).
It is important to note that Visitors can exercise their rights directly with our Partners, who act as their Data Controllers, in accordance with the Partners’ Privacy Notices. As a Data Processor, we may assist our Partners in facilitating the exercise of these rights when they believe we hold relevant information and specifically request our support. As a Data Processor, we cannot exercise these rights directly to a Visitors, nor do we possess this information, as we do not know Visitors’ identity.
Therefore, Visitors can usually exercise these rights through:
- The website or app they are visiting, via cookie banners or consent management tools
- Industry-wide opt-out mechanisms, such as:
Visitors have the ability to control cookies and similar technologies directly in their browser settings. Options typically include:
- Blocking all cookies
- Allowing only first-party cookies
- Deleting cookies after each session
- Managing preferences for individual websites
-
Security Measures
We implement industry-standard technical and organizational measures to protect Personal Data from unauthorized access, alteration, or loss. In the unlikely event of a data breach, we will notify affected individuals and relevant authorities, where required.
In addition, all our Partners implement appropriate technical and organizational measures to:
- Protect data from unauthorized access
- Prevent misuse or loss
- Respond promptly to potential data breaches
-
Compliance And Industry Standards
ShieldHub works only with privacy-compliant Partners that follow:
- GDPR (EU)
- ePrivacy Directive (EU)
- CCPA / CPRA (California)
- Other applicable local regulations
Many of our Partners participate in the IAB Transparency & Consent Framework (TCF) to ensure standardised privacy management.
-
Updates to This Notice
We may update this Notice to reflect changes in:
- Laws or regulatory guidance
- Our services or partnerships
- Industry standards
The most recent version will always be available on our website.