Mobsta Privacy Policy

This privacy policy discloses our practices for Data Management Platform (DMP) and Demand Supply Platform (DSP) services.
What personally identifiable information is collected through the delivery of services related to DMP and DSP platforms, how it is used, and with whom it may be shared.

1. Information on collection, use and sharing of Personal Data
2. The special conditions of the GDPR and processing roles.
3. How Mobsta contracts with partners involved in the processing of Personal Data
4. The security procedures in place to protect the misuse of Personal Data
5. How you can correct any inaccuracies in the information.

Information Collection, Use, and Sharing

Mobsta collects and utilises data that is specific to data subjects utilising mobile devices globally, including the European Economic Area (EEA). 
Collection, processing, retention, and disposal of Personal Information for DMP and DSP services are only processed when the individual has provided consent.

Mobsta will not use or process Personal Data outside of the service it was contracted for.

Mobsta will not share Personal Data with third parties outside of the knowledge of the Data Controller for services it was contracted for.

Mobsta will only transfer data to other countries in a legal, secure and auditable manner.

Mobsta will protect and secure any Personal Information to protect against unauthorised access and use.

Mobsta has enacted a Privacy by Design structure to ensure compliance with the privacy framework.

Mobsta will not share your information with any third party outside of our organisation, other than as necessary to provide a service.

GDPR and Processing Data

The EU Data Protection Law outlines the responsibilities and roles of organisations that handle Personal Data involving an EEA based data subject. 

These roles are defined in GDPR Article 4 as “Controllers” and “Processor”. What control an organisation has in relationship to Personal Data is the determining factor here. The “Controller” is an organisation who determines the purposes for which, and the way in which, Personal Data is processed. By contrast, a “Processor” is one who processes Personal Data on behalf of the Data Controller.

In all contracts, Mobsta and our data partners take the role of the “Processor” of Personal Data, either on behalf of the Data Controller, or as a Sub Processor on behalf of other Data Processors. In being a Data Processor, we have committed contractually to GDPR compliant clauses which:

1) Qualify our contracts as GDPR compliant where roles and responsibilities are defined and transparent in compliance with GDPR Article 24 – 43; and
2) Have a defined, explicit scope for processing the Personal Data in conjunction with the Data subjects’ privacy rights and consents as managed by the Data Controller. 

How Mobsta Partners to Process Data

Mobsta uses contractual clauses to define how we and our partners manage, handle, and secure Personal Data involved in the process of fulfilling advertising campaigns. 

Mobsta requires Data Protection Amendments with partners to define how processors of Personal Data handle, secure, and process Personal Data.

Mobsta requires all Data Controllers to obtain transparent and explicit consent of the affected data subjects.  

All Personal Data is handled under enforceable contractual clauses committing to Purpose Limitation for processing data, conduct of Subcontracting, Data Security, Data Subject Rights, Data Quality standards, and Data Transparency and Fairness. 

All Mobsta contracts that require the transfer of Personal Data such as Data Supply Partners, SSPs, Exchange Partners, Advertisers, and Publishers ae handled under these agreements. 

Access to and Control for Data Subjects

All EEA Data Subjects have the right to:

Review of Personal Information for individuals to access their information and ensure it is correct and accurate.

Mobsta respects and facilitates data subjects’ rights to consent, remove consent, acquire, correct, and delete all forms of Personal Data we hold on them. 

Data Subjects also have the right to object to the legal processing, automatic processing, as well as file a complaint with national regulatory authorities.


We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect Personal Data, that information is encrypted and transmitted to us in a secure way. 

While we use encryption to protect personal and sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.


Our Privacy Policy may change from time to time and all updates will be posted on this page.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via email at