Privacy Policy Sonata


In compliance with the regulations on personal data protection and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, concerning the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR), as well as any other related regulations applicable at any given time, TAPTAP DIGITAL, S.L., and its group companies (hereinafter referred to as "TAPTAP") provide you with the necessary information so that you are aware of all relevant aspects regarding the processing of your data.

This Privacy Policy covers the personal data we collect and process about you, which originate from your use of websites from other companies and your use of applications from other companies on your tablets, mobile phones, and other portable devices. 

This Privacy Policy does not describe the collection and use of personal data by TAPTAP from its own website, which you can find here; nor does it describe the collection of personal data through the use of TAPTAP's whistleblowing channel, which can be reviewed here.

The processing of data carried out in TAPTAP's offices located outside the European Economic Area will comply with the security standards of the GDPR. Additionally, these offices will comply with the national and/or local data protection regulations that are applicable.

1. Who is the data controller for the processing of your data?


Tax ID: B-85914182. 

Postal Address: Edificio Eurocentro, C. del Poeta Joan Maragall 1, 14th floor – 28020 Madrid. 

Email: privacy@taptapnetworks.com 

Data Protection Officer contact: DPOprivacy@dwf-rcd.law   

2. TCF V2.2 Compliance Statement

TAPTAP Digital S.L. participates in the “IAB Europe Transparency & Consent Framework” as a Vendor with the assigned ID 475. In this regard, TAPTAP informs and ensures that it complies with the policies and specifications of the “Transparency & Consent Framework”.

3. When do we collect your personal data?

When you visit the website or mobile application of a publisher and provide your consent, TAPTAP may collect certain types of personal data about you, inferred from the use of your device. These personal data do not allow us to identify you directly, they are only linked to your user identifiers (IP addresses, device identifiers, IFA identifiers). In this regard, we do not associate that identifier with your name, email, address, or phone number, as we do not directly collect such personally identifiable information about users.

By cross-referencing this information with other datasets obtained from external partners, TAPTAP's clients may target personalized advertising to you.

4. What personal data do we collect?

The following categories of data may be automatically collected from your device, from a third-party website, or from a third-party application, and are then transmitted to TAPTAP:

  • Identifiers of your devices: IP addresses, device identifiers, IFA identifiers; Google advertising cookies;
  • Geolocation data;
  • Data related to store visits or "drive to store";
  • Information about interaction with advertising content, for the purpose of advertising retargeting;
  • Content from the segment category (for example, male, female, young adult, athlete, traveller, city of residence, etc.).

5. For what purpose do we process your personal data?

Your personal data may be processed for the following purposes:

  • Provide targeted advertising services to TAPTAP's clients (advertising segmentation).
  • Determine exposure to advertising messages that have elicited a user reaction (advertising retargeting): if we observe that you have clicked on an ad related to a product or service, our clients may send you ads more frequently related to this type of product or service.
  • Conclude exposure to advertising messages that have resulted in store visits ("drive to store"): when the smartphone on which you viewed an ad related to a product or service is observed in a store that offers this product or service, TAPTAP can deduce anonymous information about the success of the advertising campaign.
  • Evaluate in real-time the impact of an advertising campaign.
  • Generate detailed reports on the performance of an advertising campaign.
  • Ensure fraud detection and incident recovery.

6. What is the legal basis for processing your personal data?

The processing carried out by TAPTAP is based on user consent (Article 6.1.a) of the GDPR), obtained through the corresponding consent management panel. Additionally, for the purpose of fraud detection and incident recovery, the legal basis is legitimate interest (Article 6.1.f) of the GDPR).

7. How long will we retain your personal data?

Your personal data will be processed for the period necessary to fulfil the purposes set out in this Privacy Policy, as well as to retain your personal information in compliance with applicable legal provisions, especially in relation to legal prescription periods.

The criteria we follow to determine retention periods are determined by the purposes for which the data was collected and the mandatory storage periods required by legal or contractual provisions.

Please note that, in some cases, we may retain your data for the period necessary for the formulation, exercise, or defence of claims, requests, legal and/or contractual responsibilities and obligations. In these cases, your personal data will be properly blocked.

8. To whom can your data be disclosed?

Depending on the purposes for which personal information is collected, the following third parties may have access to your personal data: 

  • Public administrations, organizations, and/or competent authorities, as well as relevant law enforcement agencies, in cases where there is a requirement, a legal obligation, or where we believe there are sufficient indications and/or suspicions of criminal activity.
  • Collaborators and third-party service providers who process information as data processors. The corresponding data processing agreements have been concluded with all these providers in accordance with personal data protection regulations. 
  • Data collected and processed within the framework of Google may be transmitted to Google. In this case, we invite you to consult Google's Privacy Policy and Terms of Service.
  • Your personal data will be shared with agents who contract TAPTAP's products and/or services with the aim of enhancing the personalization of your advertising campaigns. For this purpose, these agents will be responsible for processing your personal data, and TAPTAP will act as the data processor.

9. Are international data transfers carried out?

We may transfer personal data to a country outside the European Economic Area, especially to the United States (a country that, according to the European Commission, does not offer an adequate level of security for the protection of your data). These transfers are made using safeguards permitted by the regulations, particularly the use of standard contractual clauses approved by the European Commission.

10. What are your rights when you provide us with personal data?

If we process your data, you should know that your rights are:

  • Right to request access to personal data: you can inquire whether TAPTAP is processing your data, and if so, access them.
  • Right to request rectification if the data is inaccurate or to complete incomplete data.
  • Right to request the erasure of your data
  • Right to request the restriction of its processing: in this case, TAPTAP will only keep them for the exercise or defense of claims. 
  • Right to object to processing: we will stop processing personal data, except if they must continue to be processed for legitimate reasons or for the exercise or defense of possible claims. 
  • Right to data portability: if you want your data to be processed by another data controller, we will facilitate the transfer of your data to the new controller, provided it is technically possible. 
  • Right not to be subject to a decision based solely on automated processing of your personal data

If you have given us your consent for any specific purpose, you may withdraw it at any time by clicking here. Withdrawing your consent will not affect the lawfulness of processing based on consent prior to its withdrawaI. 

To exercise your rights, you should contact us by sending an email to privacy@taptapnetworks.com or in writing to the postal address provided in section 1 of this policy. 

If you deem it appropriate, you can contact our Data Protection Officer (DPO) by writing an email to DPOprivacy@dwf-rcd.law and file a complaint with the competent authority, in this case, the Spanish Data Protection Agency (https://www.aepd.es). 

11. Additional information

Policy on Child Use: Our services are exclusively directed to individuals of legal age. In this regard, we do not intentionally collect information from minors. In any case, if you are parents or legal guardians and believe that your children have provided us with personal data, please contact us by sending an email to privacy@taptapnetworks.com.


Special category of data: TAPTAP does not collect or process personal data that reveals ethnic or racial origin, political opinions, religious or philosophical beliefs, or union membership. Additionally, we do not process genetic data, biometric data intended to uniquely identify an individual, data related to health or sexual life, or sexual orientation.

Online behavioural advertising: In the context of the advertising campaigns served by TAPTAP digital products, information about user interests collected by third party stakeholders may be used for relevant advertising (specifically selected to be significant for a particular audience). As a user, you can opt out to stop receiving this kind of ads here

You can find additional information about online behavioural advertising in the following link https://www.youronlinechoices.com/uk 

Contact Us: If at any time you believe that we have not complied with the provisions established in this Privacy Policy, please communicate it by sending an email to privacy@taptapnetworks.com or to our DPO at DPOprivacy@dwf-rcd.law. If you want to escalate a privacy-related issue or have any questions regarding this Privacy Policy, do not hesitate to contact us. We will be happy to assist you.

This policy was last updated on the 25th of January, 2024.