top of page
Logo Connected Stories, the ultimate agentic solution for AI-powered real-time content personalization

Privacy Statement

This statement was last updated on 12 June 2025.

 

HyperTv S.R.L. is a tech advertisement provider which supplies its customers, such as brands and media agencies, with the Connected Stories platform. This is a technology to create and measure the effectiveness of online advertisement in the form of videos, stories, and other content (collectively “Ads”), that are shared with online users who may be interested in them.

In order to provide such technologies to its customers, HyperTv S.r.l. collects and processes the personal data of online users related to their behaviours in relation to the Ads. Accordingly, HyperTv S.r.l. considers data protection and privacy as part of its corporate objectives, responsibilities, and values.

INTRODUCTION 

This Privacy Statement applies to the processing of personal data carried out by HyperTv S.r.l. ("we", "our", "us"), as Data Controller pursuant to the Regulation (EU) 2016/679, General Data Protection Regulation ("GDPR") through the platform https://studio.connected-stories.com

and related subdomains 

- cs10.connected-stories.com, 

- cdn10.connected-stories.com, collectively ("platform").

We provide this Privacy Statement pursuant to Article 13 GDPR to anyone who accesses the advertisement created and communicated from our platform to any single and specific device, ("user/s" or "you") to explain how we collect and process the user’s personal data ("data subjects") through the advertisement and the platform, in compliance with the GDPR and the Italian legislation on the protection of personal data. Please consider that if the user of a device uses several browsers, this Privacy Statement and the related privacy setting configuration apply to all of them and must be set up with respect to each browser. 

Below, the user will find the information about the types of personal data we collect, the purposes and related grounds of the processing, the means of processing, the retention of personal data, the security measures adopted to protect them, the persons with which we share such personal data and the rights that the user can exercise to protect their personal data. 

For more information on how and for what purposes we process personal data, please read our Privacy Policy.

As we collect and process the users’ personal data through the use of Cookies and other tracking tools on our platform and/or the advertisement we allow our customers to create and communicate, please refer to our Cookies Policy and/or send an email to privacy@hypertvx.com

IAB EUROPE AND THE TRANSPARENCY & CONSENT FRAMEWORK

The Interactive Advertising Bureau in Europe (“IAB EU”) launched its Transparency and Consent Framework (“TCF”) in April 2018. The TCF is an industry tool that supports companies within the digital advertising ecosystem to manage their compliance obligations under Data Protection Laws, and it provides a standardised way to provide notice and choice across the Internet. You can read more about the TCF here.

HyperTv participates in the IAB EU’s TCF and complies with its specifications and policies. HyperTV identification number as a vendor within the TCF is 699. 

LINK TO EXTERNAL SITES

Advertisement units provided by us are generally displayed on websites outside connected-stories.com that may have different privacy policies. 

This Privacy Statement does not govern nor apply to such third-party websites nor to third-party links, contents, cookies, and other tracking tools (collectively “third party resources”) which may be referred to within our website and/or may be accessible through it.

In particular, once you have used these links to leave our platform, you should note that we do not have any control over those third-party resources. Therefore, we cannot be responsible for the security and protection of your personal data when you access and/or interact with such third-party resources.

TYPES OF PERSONAL DATA COLLECTED

  • Personal data provided by the users voluntarily

 

We may collect and process the users’ names, surnames, e-mails and telephone/mobile numbers for the purposes of the campaign forms provided through the Advertisement in connection with our customers’ brands.

 

  • Personal data automatically collected by us 

 

We may collect directly from your browsing experience with the Advertisement, such as information about your device, the browser you use, the operating system, the date and time of connection, and the URLs you visited. 

 

  • Personal data inferred by us

 

We may collect and process through Cookies the information about the user’s interaction with the Advertisement (e.g. how long you watch or click on the Advertisement, what elements of the Advertisement you click on – logo, background, the audience segments or interest categories we may associate with your profile based on this activity).

 

  • Personal data received from third parties

 

We may collect and receive personal data from third parties, such as Demand Side Platforms (DSP), which has certified that they collected the users’ consent to the communication of their personal data to us in relation to the purposes of this Privacy Statement. The personal data may encompass for instance, alternatively or cumulatively: 

  • Age

  • Gender

  • site URL

  • IP address

  • postal code

  • city string

  • state string

  • country string

  • player size

  • approximate geographic coordinates

  • device type and os

  • tcf consent string

  • cookie ID
     

  • Personal data about your location

 

We may process information about your location, by means of the IP address of your device, your postal code or the city received from third parties.

PURPOSES AND GROUNDS OF PROCESSING

    1. To Deliver Personalized Ads and Create User Profiles

  • Description: We process personal data to deliver advertising that is relevant to your likely interests. This involves receiving contextual data and pseudonymous identifiers from our advertising partners (such as Ad Exchanges and DSPs) to select an appropriate Ad. We then analyze your interaction with that Ad (e.g., what you click on, how long you watch) to infer your interests and create a pseudonymous profile. This profile, linked only to an identifier like a cookie ID and not to your real-world identity (like your name or email), helps us and our partners select more relevant Ads for you in the future.

  • Legal Basis: Consent (Art. 6.1.a GDPR). Your consent is collected and managed via the IAB Transparency & Consent Framework (TCF) through the cookie banner on the publisher's website where the AD is displayed.

    2. To Analyze and Measure Ad Performance

  • Description: A core part of our service is to measure the effectiveness of the advertising campaigns we deliver. We collect and analyze interaction data (such as impressions, clicks, video completion rates, and interactions with specific Ad elements) to create performance reports for our customers (e.g., media agencies or brands e.g automotive, fashion, food ect.). These reports, typically provided in an aggregated and statistical form, help our customers understand the return on their advertising investment and optimize future campaigns.

  • Legal Basis: Consent (Art. 6.1.a GDPR).

    3. To Fulfill a User's Specific Request

  • Description: This purpose applies only when you choose to actively engage with a form inside an Ad. If you voluntarily provide your personal data (such as your name and email) to be contacted, to download a resource, or to participate in a promotion, we process that data solely to fulfill your specific request and transmit it to our customer (the brand behind the campaign). In this context, HyperTv acts as a technical conduit.

  • Legal Basis: Performance of pre-contractual measures requested by you (Art. 6.1.b GDPR).

    4. To Ensure Security, Prevent Fraud, and Operate Our Services

  • Description: We process technical data, such as IP addresses, server logs, and other device identifiers, to ensure the proper functioning and security of our Platform and services. This includes troubleshooting technical issues and debugging; preventing and detecting malicious activities, security threats, and fraudulent or invalid traffic (like bots); and protecting our legal rights and interests in case of disputes or unlawful conduct.

  • Legal Basis: Legitimate Interest of the Controller (Art. 6.1.f GDPR).

    5. To Comply with Legal Obligations

  • Description: In certain circumstances, we may be required to process your personal data to comply with legally binding obligations, regulations, or orders from competent authorities. This could include, for example, obligations related to accounting and tax laws or requests from judicial authorities.

  • Legal Basis: Legal Obligation (Art. 6.1.c GDPR).

MEANS OF PROCESSING AND DATA SECURITY

    A. Means of Processing 

We process your personal data using primarily automated systems, following logic strictly related to the purposes indicated in this Privacy Statement and in full compliance with the GDPR and Italian legislation.

While our services rely on automation to personalize advertising, you are not subject to decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you (as defined in Article 22 of the GDPR).

    B. Data Security Measures 

We have implemented robust technical and organizational measures to protect your personal data at every step of the process.

  • Infrastructure: Our solutions are hosted in top-tier data centres that are internationally classified as Tier 3 or Tier 4 for their high standards of security and availability.

  • Encryption: All user data stored "at rest" is encrypted by default using strong cryptographic protocols, such as AES-256 or AES-128.

  • Threat Detection: We utilize a cloud-native Intrusion Detection System (IDS) to actively monitor our network for threats, including malware, spyware, and command-and-control attacks.

  • Monitoring and Analysis: High-quality threat intelligence data is generated and analyzed daily to allow for effective investigation and correlation of potential security events.

DATA RETENTION

We retain your personal data for a period of time no longer than is necessary to fulfil the purposes for which it was collected, in compliance with the storage limitation principle. The specific retention periods vary depending on the purpose of the processing:

  • Data for Ad Personalization and Analytics (processed based on consent): The pseudonymous identifiers (like your Cookie ID) and the associated interest profile are retained for a maximum of 12 months from the date of your last interaction with one of our Ads. 

  • Data to Fulfill a User's Request (processed to perform pre-contractual measures): When you voluntarily provide data through a form, we retain it only for the time strictly necessary to process your request and forward it to our customer (the brand). After that, the data is deleted from our systems.

  • Data for Security and Fraud Prevention (processed based on legitimate interest): Technical data used for security purposes, such as server logs and IP addresses, are retained for a maximum of 12 months unless a longer retention period is necessary to investigate a security incident or a fraudulent activity.

  • Data for Compliance with Legal Obligations: Data processed to fulfil legal and fiscal obligations (e.g., related to contracts with our customers) will be retained for the period required by law, which is typically 10 years in Italy for accounting and tax records.

  • Data for Legal Defense: In the event of a dispute, we may retain your personal data for the time necessary to protect our rights in court, up to the statutory limitation period provided for by Italian law (the ordinary prescription term is 10 years).

Upon expiry of the applicable retention period, your personal data will be permanently deleted or irreversibly anonymized. 

COMMUNICATION OF PERSONAL DATA

We do not sell your personal data. We may share it with specific recipients only when necessary to provide our services and for the purposes described in this Privacy Statement. We distinguish between two main categories of recipients:

1. Related Group Companies We may share personal data with our US-based subsidiary, HyperTV Inc., for administrative purposes and to manage contractual relationships with customers in certain international markets. HyperTv S.r.l. remains the Data Controller that defines the purposes and means of the processing.

2. Data Processors These are third-party service providers who process personal data on our behalf, based on our instructions and in accordance with a specific data processing agreement (DPA). This category includes:

  • Technological Service Providers: Such as companies providing hosting, cloud services (e.g., Google Workspace), and other essential IT infrastructure.

  • Organizational Service Providers: Companies or professionals providing technical support or maintenance for our platform.

3. Independent Data Controllers These are third parties who act as autonomous data controllers, meaning they determine the purposes and means of processing for the data they receive. This category includes:

  • Our Customers and Advertising Partners: The brands (e.g., media agencies or brands e.g automotive, fashion, food ect.) that commission our Ads, as well as partners in the programmatic advertising chain (e.g., DSPs, SSPs). We recommend you consult their respective privacy policies for more information.

  • Consultants and Professionals: Such as lawyers, auditors, and accountants who provide professional services to our company.

  • Public Authorities: When required by law or to comply with a legally binding order.

  • Corporate Transaction Partners: In the event of extraordinary corporate operations such as a merger, acquisition, or sale of a business unit.

You can request an updated list of the specific recipients by contacting us at privacy@hypertvx.com.

INTERNATIONAL DATA TRANSFERS

As part of our standard business operations, we need to transfer some personal data to recipients located outside the European Economic Area (EEA). Specifically, we transfer data to our subsidiary company located in the United States. Furthermore, some of our technology service providers (e.g., cloud services) may be based in the US or other non-EEA countries. We ensure that every transfer of data outside the EEA is conducted in full compliance with the GDPR. These transfers are legitimized and protected by the adoption of Standard Contractual Clauses (SCCs) approved by the European Commission, which impose on the data importer a level of data protection equivalent to that of the EU. Where necessary, these clauses are supplemented by additional technical and organizational security measures.

If you wish to receive a copy of the specific safeguards adopted for these transfers, you can send a request to privacy@hypertvx.com.

INTEGRATION WITH GOOGLE SERVICES

Our Platform offers customers the ability to optionally integrate with certain Google services to enhance functionality and reporting. When a customer chooses to connect their Google account, we access and use data from these services strictly in accordance with Google's API Services User Data Policy, including the Limited Use requirements.

We are committed to the highest levels of data protection. Any user data collected through these integrations is handled with strict confidentiality, is not shared with unauthorized third-party tools or AI models, and is used exclusively for providing and improving the integrated features as described below.

1. YouTube Integration

For customers using our Platform to manage their video content, we offer an integration with the YouTube API Services. By using this integration ("API Client"), you are agreeing to be bound by the YouTube Terms of Service.

  • Information Collection and Use: We use the YouTube API Services to allow our customers to upload their video Ads to their YouTube channel directly from our Platform. This requires accessing API Data and user information necessary for the functionality of this service (e.g., video upload).

  • Governing Policies: Our use of the YouTube API is governed by the YouTube Terms of Service and we adhere to the Google Privacy Policy.

  • Revoking Access: You can revoke our access to your YouTube data at any time via the Google security settings page https://security.google.com/settings/security/permissions

2. Google Ads Integration

For some of our customers, and only upon their explicit authorization, our service may integrate with their Google Ads account. In this capacity, HyperTV acts as a Data Processor on behalf of the customer.

  • Information Collection and Use: This integration allows us to access the customer's Google Ads dashboard to view campaign performance data, such as impressions, clicks, costs per conversion, and audience segment performance. The purpose of this access is solely to analyze the effectiveness of our Ads in relation to the customer's broader advertising activities and to provide comprehensive, aggregated performance reports.

  • Governing Policies: We handle all data in accordance with Google's policies and the specific data processing terms agreed upon with our customers.

  • Revoking Access: The customer can revoke our access to their Google Ads data at any time via the Google security settings page for third-party access.

YOUR RIGHTS IN RELATION TO THE PROCESSING OF PERSONAL DATA

You can exercise your rights at any time in relation to the processing of personal data, as required by articles. 7, 15-22 of Regulation (EU) 2016/679, General Data Protection Regulation ("GDPR"), by contacting the Data Controller at the e-mail address below, in particular:

  • Right to withdraw consent: withdraw your consent at any time, if the processing is based on your consent for one or more specific purposes. The withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal.

  • Right of access: in certain circumstances, you have the right to obtain from the data controller confirmation of the existence or not of personal data concerning you and, in this case, to request access to such personal data. The access information includes, among others, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom the personal data have been or will be communicated, the sources of the personal data, the duration of storage and the technical security measures adopted to safeguard personal data in case of transfer outside the Single European Area. However, this is not an absolute right and the interests of other people may limit the right of access. You also have the right to request a copy of your personal data. For the additional copies requested, the data controller may charge a reasonable fee, taking into account the administrative costs incurred.

  • Right of rectification: in certain circumstances, you have the right to obtain the rectification (i.e. correction) of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to obtain the integration of incomplete personal data, also by providing a supplementary statement.

  • Right to erasure: in certain circumstances, you have the right to obtain the erasure of personal data concerning you. In such cases, the data controller will take steps to delete, or permanently make unintelligible, such personal data.

  • Right to restriction of processing: in certain circumstances, you have the right to obtain from the data controller the restriction of the processing of your personal data. In this case, the data will be marked and may only be processed by us for certain purposes.

  • Right to data portability: in certain circumstances, you have the right to receive the personal data concerning you and that you have provided to the Data Controller in a structured format, commonly used and readable by an automatic device, and the right to transmit such data to another entity.

  • Right to object: in certain circumstances you have, at any time, for reasons related to your particular situation, the right to object to the processing of personal data and you can request that the data controller no longer processes such data. If you have and exercise the right to object, your personal data will no longer be processed unless the data controller demonstrates compelling legitimate grounds for the processing, pursuant to the GDPR.

If personal data are processed for marketing purposes, you always have the right to object to the processing at any time, including to profiling to the extent that it is connected to direct marketing, and your personal data will no longer be processed for these purposes.

  • Automated processing of personal data: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. The foregoing prohibition does not apply if you have provided your explicit consent to the decision based on the automated processing or this decision is necessary for the conclusion or execution of a contract with the data controller, or if the decision is authorized by the European Union or Italian law.

For more information on the processing of your personal data by us, please read our Cookie Policy and our Privacy Policy

 

CONTACT DETAILS AND DATA CONTROLLER


The platform is managed by HyperTv S.r.l., located in via Panama 86, 00198 Roma, which acts as Data Controller and can be contacted with regard to the present Privacy Statement and any request for assistance in relation to personal data processing at the e-mail address privacy@hypertvx.com. HyperTv S.r.l. 's Data Protection Officer can be contacted at the email address dpo@HyperTvx.com.

 

CHANGES TO THE PRIVACY STATEMENT


This Privacy Statement may be updated from time to time and each update contains the update date.

bottom of page