Privacy Policy — ASK LOCALA PTE LTD (Singapore)
ASK LOCALA is developing an omnichannel digital advertising platform primarily aimed at major retail chains, restaurants, and car dealerships. The platform enables clients to evaluate store performance in real time, identify nearby potential customers, drive in-store traffic, and measure return on investment. ASK LOCALA delivers targeted advertising to consumers while they browse mobile apps or websites from mobile devices by participating in real-time bidding (RTB).
ASK LOCALA also provides a proprietary solution that enables clients to obtain detailed footfall statistics for specific geographic areas — including physical points of sale — whether or not connected to an advertising campaign.
This policy (the “Policy”) explains how we process personal data in connection with these services and applies to you if you are located in Singapore.
We process personal data in accordance with applicable data protection laws, including the Singapore Personal Data Protection Act 2012 (PDPA) and, where relevant for cross-border operations, the Malaysian Personal Data Protection Act 2010.
A. Who is the data controller?
The following entities act as joint controllers/organisations for the processing described:
- ASK LOCALA: single-shareholder simplified joint-stock company, RCS Paris no. 534 318 415, 55 Rue d’Amsterdam, 75008 Paris, France.
- ASK LOCALA PTE LTD: a private company limited by shares incorporated in Singapore, registered office at 31 Boon Tat Street #02-01, Singapore 069625.
“ASK LOCALA” in this Policy refers to both entities above.
B. Information we process
We process data associated with your device’s mobile advertising identifier. If you consent, our partners share
information collected via your identifier (e.g. IDFA for Apple or GAID for Android)
when you use mobile apps or websites. Consent is obtained by the publisher of the apps or sites you use.
- Consent data: consent string to verify you authorise processing.
- Indirect identifiers: MAID (mobile advertising identifier), IP address.
- Browsing data: device/browser details (type, OS, language, screen size, device time/time zone) and information about ads viewed or clicked (impressions, clicks, in-ad events).
- Precise geolocation data: device latitude/longitude; we may associate this with defined areas/locations (e.g. around a client’s store) to infer presence at a given time.
- Tracking tools: pixels and similar technologies used by us and/or clients/partners where you have consented.
We do not directly identify you (we do not use data such as your name or postal address).
C. How do we use the information?
C.1 Dissemination of targeted or non-targeted advertisements
| Processing name | Purpose | Legal basis | Retention |
|---|---|---|---|
| Delivery & targeting via Fusio DSP / third-party DSPs | Deliver RTB campaigns on proprietary or third-party DSPs according to advertiser criteria. | Consent | 13 months |
| Measurement via Fusio DSP | Measure campaign performance (ad serving, impressions, in-ad events, clicks) and reporting. | Consent | 13 months |
| Pre-bid filters (IAS, DoubleVerify) | Optimise pre-auction for viewability, fraud risk, and brand safety. | Consent | 13 months |
| Media buying optimisation algorithms | Adjust bids in real time based on publisher performance. | Consent | 13 months |
| Frequency capping via Fusio DSP | Limit ad frequency per ID (IDFA/GAID). | Consent | 60 days |
| Third-party audiences (Adsquare) | Use audience segments to decide whether to bid. | Consent | 13 months |
| Drive-to-store measurement (Adsquare) | Assess impact of campaigns on in-store visits using Adsquare. | Consent | 13 months |
| Centroid detection algorithms | Detect suspicious/inconsistent locations (fraudulent lat/long) from mobility data. | Legitimate interest | 3 months |
C.2 Audience creation
| Processing name | Purpose | Legal basis | Retention |
|---|---|---|---|
| Custom audience creation | Create segments (groups of users with common characteristics) for ad targeting. | Consent | Daily calculation; rolling 30-day window |
| Integrate custom audiences in Fusio DSP | Build segments based on information provided by clients. | Consent | 13 months |
| Retargeting via Fusio DSP | Segments based on prior exposure or clicks in previous campaigns. | Consent | 13 months |
C.3 Measurement of in-store visits
| Processing name | Purpose | Legal basis | Retention |
|---|---|---|---|
| Drive-to-store measurement (Locala) | Evaluate impact of campaigns on physical in-store visits using Locala tools. | Consent | 13 months |
C.4 Trend analysis
| Processing name | Purpose | Legal basis | Retention |
|---|---|---|---|
| Trend analysis via planning platform | Produce statistical trend reports, media strategies, and target descriptions using mobility data flows. | Consent | Raw data: 120 days |
C.5 Selection of premium advertising inventories
| Processing name | Purpose | Legal basis | Retention |
|---|---|---|---|
| Curated Deal | Inventory curation (publishers, geotargeting, custom audiences) to maximise campaign performance. | Consent | 13 months |
C.6 Compliance with our legal obligations
| Processing name | Purpose | Legal basis | Retention |
|---|---|---|---|
| Manage rights requests | Handle privacy rights requests and ensure your choices and rights are respected. | Legal obligation | 5 years from closure of the request |
| Opt-out list management | Maintain a list to identify MAIDs that object to processing. | Legal obligation | Until objection is withdrawn |
| Consent string verification | Enable processing only where prior consent is verified. | Legal obligation | 13 months (Fusio DSP) • up to 120 days (mobility data) |
The retention periods above do not preclude exercising your rights under Section E where legally possible.
D. Sharing information
Data recipients. We may disclose data to:
- ASK LOCALA staff who process data as part of their duties;
- ASK LOCALA group entities (subsidiaries and affiliates);
- Partners and service providers (including performance measurement providers);
- SSP platforms participating in RTB auctions;
- Clients (advertisers/media agencies) acting as independent controllers under their privacy policies;
- Authorised third parties under legal or regulatory obligations, and our professional advisers;
- Prospective buyers/investors in connection with corporate transactions under appropriate contractual safeguards.
International transfers. Personal data may be transferred outside Singapore (and, where applicable, Malaysia) — for example, to the United States where some hosting providers or partners operate. Our primary host is Amazon Web Services (AWS). Where transfers are made to jurisdictions that may not provide an equivalent level of protection, we implement safeguards required by applicable laws (e.g. contractual clauses and technical/organisational measures) to ensure a level of protection comparable to that under the Singapore PDPA and other applicable regulations. For questions, see H. Contact us.
E. Your rights
You may exercise the following rights using the details in H. Contact us:
- Access: obtain a copy of your personal data and information about how we process it.
- Rectification: request correction of inaccurate or incomplete data.
- Restriction (where applicable): request limits on processing in certain cases (e.g. accuracy disputed, unlawful processing, pending objection).
- Withdraw consent: at any time with future effect where processing is based on consent.
- Objection (where applicable): object to processing based on legitimate interests; we will stop unless compelling legitimate grounds prevail or processing is required for legal claims.
- Portability (if GDPR applies): receive your data in a structured, commonly used, machine-readable format where processing is based on contract performance.
- Deletion/erasure: request deletion where no longer needed, consent withdrawn, processing unlawful, or erasure required by law.
- Posthumous instructions: provide instructions regarding handling of your data after death.
To facilitate processing, please include “Exercise of rights relating to my personal data” in your subject line.
We will respond within one (1) month of receiving your request. If your request is imprecise or incomplete, we may
request additional information.
Supervisory authorities
- Singapore: Personal Data Protection Commission (PDPC) — pdpc.gov.sg
- Malaysia: Department of Personal Data Protection (JPDP) — pdp.gov.my
- France (where relevant): CNIL — cnil.fr
Behavioural advertising & mobile advertising identifiers
We help clients deliver advertising likely to be of interest to users (behavioural/targeted advertising).
To learn more or to opt out of certain third-party behavioural advertising, visit
digitaladvertisingalliance.org.
Mobile advertising identifiers are device-specific (e.g. GAID for Android; IDFA/IFA for Apple).
Managing your preferences:
- iOS: Settings → Privacy & Security → Apple Advertising → disable “Personalised Advertising”. To control app access to data, see “Manage sharing and access” (Apple Support).
- Android: Settings → Google → Ads → “Delete advertising identifier”. To control app data access, adjust app permissions (Google Support).
These actions stop collection via your advertising identifier and the display of our campaigns on your device. You
may also contact us via our form (“Your Privacy Choices”) or the details in H. Contact us to
withdraw consent previously given.
Finding your advertising ID:
- Android: Settings → Google → Ads (your unique advertising ID is displayed).
- iOS: not shown natively; use a third-party app (e.g. “My Device ID by AppsFlyer”).
F. IAB Europe Transparency & Consent Framework (TCF)
ASK LOCALA is a member of the IAB Europe TCF and complies with its specifications and policies. In line with TCF
principles, we collect device information automatically subject to prior end-user consent in applicable regions.
Consent is collected by partner publishers and transmitted to us as a consent string under TCF standards.
ASK LOCALA is identified under number 119.
G. Changes to this Policy
We may modify this Policy and will inform you of material changes. Please review it periodically.
H. Contact us
ASK LOCALA has a Data Protection Officer (DPO).
For questions about this Policy, contact:
• Email: privacy@asklocala.com