fivecell

Alpha platform

About us

Careers

Blog

Contact us

fivecell

Contact us

Our Legitimate Interests

> Back to Privacy centre

Last Updated: 11th June 2026

About This Page

This page explains, in plain language, the basis on which Fivecell Research Group Limited ("Fivecell," "we," "our," or "us") relies on Legitimate Interests (Article 6(1)(f) of the GDPR) as the legal basis for certain data processing activities, in connection with our participation in the IAB Europe Transparency & Consent Framework ("TCF").

This page is intended for individuals, publishers, regulators, and IAB Europe to understand why we believe each Legitimate Interests-based activity is justified, what safeguards apply, and how you can object.

For a broader explanation of how we receive and process data, including activities based on consent rather than Legitimate Interests. See our Internet Advertising Transparency & Data Processing Disclosure and Privacy Policy.

For each activity described below, we have completed a full Legitimate Interests Assessment ("LIA"), following the three-step methodology set out in the EDPB Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR. The summaries on this page reflect the conclusions of those assessments. The full LIAs are documented internally and are available to relevant supervisory authorities on request.

A Note on How We Receive Data

Before describing our Legitimate Interests, it is important to understand our role in the data supply chain. Fivecell does not place cookies, mobile advertising identifiers, or similar technologies on user devices, and does not operate consumer-facing collection surfaces. We do not use TCF Purpose 1 (Store and/or access information on a device).

Instead, we receive pseudonymous identifiers and signals from third-party data vendors, each of whom is an IAB-registered vendor responsible for the original collection and consent at the point of capture.

As Fivecell is in the process of registering with the IAB Europe Global Vendor List ("GVL") and does not yet hold a Vendor ID, our current receipt of this data rests on the disclosed-purpose consent obtained by our data vendors, whose consent disclosures explicitly cover the provision of data to third parties, including Fivecell, for analytics purposes. Once our GVL registration is complete, our systems will additionally check incoming Transparency & Consent Strings ("TC Strings") for signals specific to our Vendor ID, once our data vendors update their Consent Management Platform ("CMP") configurations accordingly.

This page describes the Legitimate Interests we rely on once data has lawfully reached us through this chain.

Our Two Processing Activities

We carry out two related but distinct processing activities:

Activity A: SaaS Platform (Audience and Spatial Intelligence). 

We process received data to produce generalised audience and spatial analytics for our clients, and to develop and improve our platform. All location-based outputs are processed through a signal-noise algorithm that deliberately obscures precise positioning, so no output ever reveals or exposes an individual's exact location. 

Activity B: Data Licensing to Clients. 

Separately, we license underlying data to our enterprise clients under data licence agreements.

This page covers Legitimate Interests relied upon for Activity A only. Activity B does not rely on Legitimate Interests. It is enabled by our data vendors' disclosed consent for redistribution, together with our data licence agreements with clients. Activity B is described in our Internet Advertising Transparency & Data Processing Disclosure and Your Privacy Rights pages.

A Note on Special Feature 1 (Precise Geolocation Data)

Some of the data we receive includes precise location data (latitude and longitude). Under the TCF, this is classified as Special Feature 1, which requires explicit opt-in consent and cannot be based on Legitimate Interests, this applies regardless of which party in the supply chain relies on it.

This consent is obtained by our data vendors at the point of original collection (for example, via an app's location permission), and their consent disclosures cover provision of this data to third parties, including Fivecell, for analytics and programmatic advertisement purposes. Once our GVL registration is complete, our systems will additionally check the TC String for a Vendor-ID-specific Special Feature 1 signal before processing precise location data for any purpose.

Precise location data received under this consent is then used, in generalised form, as an input to the Legitimate Interests-based activities described below.

Purpose 7: Measure Advertising Performance

What we do: We use data we have received, including device identifiers, campaign interaction signals, and conversion events, to measure the reach, frequency, and effectiveness of advertising campaigns on behalf of our clients. This includes logging impressions, clicks, and conversion events, and reporting campaign performance metrics to advertisers and agencies.

Why we believe we have a legitimate interest: Fivecell has a legitimate commercial interest in providing advertising measurement and attribution services to its clients (advertisers, agencies, and publishers) who need to understand whether their campaigns are reaching the intended audience and generating measurable outcomes such as brand awareness, website visits, or conversions. Our clients have a corresponding interest in receiving accurate campaign performance data to inform their advertising investment decisions. Advertising measurement is one of the most widely recognised legitimate interests in the digital advertising industry, and is consistent with the reasonable expectations of users in an advertising-supported digital environment.

Why we believe this is necessary: Advertising measurement requires the ability to associate an advertising exposure event (an impression) with a subsequent outcome event (a click, visit, or conversion) at the individual device or identifier level. Without processing a persistent identifier, such as a cookie ID or mobile advertising ID received from our data vendors, across both the exposure and the outcome event, it is not possible to attribute outcomes to specific campaigns with any meaningful accuracy. As Fivecell does not place its own identifiers, all measurement data is received from upstream vendors under their disclosed consent, we cannot achieve the same purpose through less intrusive means because we have no alternative data collection mechanism.

Why we believe this does not override your rights:

  • Pseudonymisation: All measurement processing uses pseudonymous identifiers received from third parties. No directly identifying information such as name, email address, or government ID is used.

  • Data minimisation: Only the minimum data necessary for attribution is processed, i.e., identifier, timestamp, campaign ID, and outcome signal.

  • Purpose limitation: Measurement data is not repurposed for audience profiling or ad targeting, which are covered under separate consent-based purposes.

  • Limited consequences: Outputs are aggregated at the campaign level and are not used to make decisions about individual data subjects. 

  • Reasonable expectations: Users of advertising-supported websites and apps have a reasonable expectation that their interactions with advertising content will be tracked for the purpose of measuring whether the advertising worked. This expectation is reinforced by the widespread industry practice of advertising measurement and the transparency provided through TCF-compliant CMPs.

  • You can object: See "How to Object" below.

Purpose 9: Understand Audiences Through Statistics

What we do: We use data we have received, including device identifiers, behavioural signals, and precise location data, to produce aggregated audience intelligence and spatial analytics reports for our clients. These reports help our clients understand audience composition, behaviour, interests, and spatial patterns to inform their marketing strategies.

Why we believe we have a legitimate interest: Producing audience and spatial intelligence is a core part of our commercial offering, and our clients have a corresponding interest in receiving accurate, data-driven insights. This is a long-established type of activity in the advertising and market research industry.

Why we believe this is necessary: Producing statistically reliable insights, including insights about audience composition in specific locations, requires processing individual-level signals as inputs. Generalising or anonymising data before processing begins would make the resulting insights too imprecise to be useful, which is why we apply our generalisation safeguard at the output stage instead (see below).

Why we believe this does not override your rights:

  • Output generalisation: All location-based outputs are processed through a signal-noise algorithm that deliberately obscures precise positioning, so no output ever reveals or exposes an individual's exact location. 

  • Pseudonymisation: All individual-level data used as inputs is pseudonymous, we do not process names, email addresses, or similar directly identifying information for this purpose.

  • Aggregation: Outputs are presented at the audience-segment level, not the individual level.

  • Upstream transparency: Our data vendors' consent disclosures cover the provision of data to third parties, including Fivecell, for analytics and programmatic advertising purposes.

  • An additional consent layer is coming: Once our GVL registration is complete, Special Feature 1 consent signalling specific to our Vendor ID will provide a further layer of confirmation for any precise location data we process.

  • You can object: See "How to Object" below.

We recognise that the use of precise location data as an input, even though it never appears in our outputs, is the aspect of this activity most likely to raise questions, and we have given it the most careful consideration in our assessment. Our conclusion is that the combination of upstream consent, the necessity of precise data as an input to produce reliable outputs, and the generalisation safeguard applied to all outputs, means this processing does not override your rights and freedoms, provided the safeguards described here remain in place, which we review on an ongoing basis.

Purpose 10: Develop and Improve Services

What we do: We use data we have received to improve the accuracy of our audience and spatial analytics models, to test new analytical methods, and, importantly, to calibrate and validate the generalisation safeguard described above, ensuring it continues to provide effective protection as our platform and the data we receive evolve.

Why we believe we have a legitimate interest: Improving our platform, including the safeguard that protects our outputs, is a legitimate interest both for us commercially and, in part, for the individuals whose data we process. An effective generalisation safeguard depends on ongoing testing and calibration.

Why we believe this is necessary: Calibrating a generalisation safeguard requires comparing generalised outputs against the underlying precise data, in order to confirm the safeguard remains effective across different contexts (for example, areas with different population densities). Synthetic data or data that has already been generalised cannot be used for this purpose, because the calibration exercise is precisely about testing whether the generalisation is adequate.

Why we believe this does not override your rights:

  • Internal use only: This processing produces improvements to our internal models and methodology. It does not produce outputs that are shared with clients or that relate to identifiable individuals.

  • Pseudonymisation and access controls: Data used for this purpose remains pseudonymous and access is restricted to relevant teams.

  • No re-purposing: Improvements identified through this process are not used to create new profiles about individuals.

  • Direct benefit to data subjects: A core part of this activity, specifically, validating the generalisation safeguard, exists to protect the individuals whose data contributes to our insights.

  • You can object: See "How to Object" below, and objecting identifiers are excluded from this processing.

We recognise this is the activity where the case for Legitimate Interests requires the most careful balancing, given that it involves precise location data used for our own internal purposes rather than directly for a client-facing output. We have concluded that the direct connection between this activity and the safeguard that protects Purpose 9 outputs, combined with the absence of any external-facing or individual-level output, means this processing does not override your rights and freedoms. We review this assessment more frequently than our other Legitimate Interests assessments in light of this.

Special Purpose 1: Ensure Security, Prevent and Detect Fraud, and Fix Errors

What we do: We analyse technical signals such as IP addresses, device characteristics, and interaction timing, to identify invalid traffic, bot activity, and other fraudulent or anomalous patterns in the data we process, in order to protect the integrity of our platform and the accuracy of our services.

Why we believe we have a legitimate interest: Fraud prevention and security are expressly recognised as legitimate interests under Recital 47 of the GDPR. Our clients and data partners have a corresponding interest in the trustworthiness of the data and insights we provide.

Why we believe this is necessary: Detecting fraudulent or anomalous activity requires analysing patterns at the individual signal level. Aggregated analysis alone cannot reliably identify sophisticated fraudulent activity in real time.

Why we believe this does not override your rights:

  • This processing uses technical, non-sensitive data and does not involve special categories of data.

  • The primary effect of this processing is the exclusion of fraudulent or invalid traffic from our reporting. This affects fraudulent activity, not legitimate users.

  • Data used for this purpose is not repurposed for advertising targeting or profiling.

Special Purpose 3: Save and Communicate Privacy Choices

What we do: We record and propagate privacy choices, such as consent withdrawals, objections, and opt-outs, across our systems and to our data partners, so that your choices are respected on an ongoing basis.

Why we believe we have a legitimate interest: Recording and acting on privacy choices is necessary to give effect to the rights described elsewhere on this page and in our other policies. This processing exists to protect, not to limit, your rights.

Why we believe this is necessary: Without recording that you have made a choice, we would be unable to ensure that choice continues to be respected over time and across our systems.

Why we believe this does not override your rights: This processing is inherently protective. It consists of records of your own choices, used solely to give effect to those choices, retained for as long as necessary to ensure your opt-out remains effective.

How to Object

If you object to any of the Legitimate Interests-based processing described on this page, you can:

  1. Use the CMP where your consent was originally managed. Where a Consent Management Platform presents an "Object / Not Objecting" control for the relevant purpose, using this control will generate an updated TC String that we read and act upon.

  2. Use the Global Privacy Control (GPC) signal. We recognise and honour GPC signals as objections to non-essential processing.

  3. Contact us directly at legal@fivecellgroup.com. We will action your request within 30 days.

Where you object to processing based on Legitimate Interests, we will cease that processing in respect of your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless processing is necessary for the establishment, exercise, or defence of legal claims.

How This Page Relates to Our Other Policies

This page summarises the conclusions of our internal Legitimate Interests Assessments. For more detail, see:

Contact and Supervisory Authorities

Fivecell Research Group Limited
Dimostheni Severi 12, Office 601, 1080 Nicosia, Cyprus
Email: legal@fivecellgroup.com

Our lead supervisory authority for GDPR purposes is the Office of the Commissioner for Personal Data Protection of Cyprus (www.dataprotection.gov.cy). Matters relating to the TCF may also fall under the jurisdiction of the Belgian Data Protection Authority (https://www.dataprotectionauthority.be/citizen), which has supervisory responsibility over IAB Europe.

fivecell

research group

Alpha platform

About us

About

Blog

Careers

Faq's

Contact us

help

Privacy centre

Privacy policy

Advertising policy

Internet advertising transparency data processing disclosure

Our legitimate interests

Your privacy rights

Cookie notice

legal

© Fivecell Research Group Limited 2026

fivecell

research group

Privacy policy

Cookie notice

Our Legitimate interests

Internet Advertising Transparency Data Processing Disclosure

Your privacy rights

Advertising policy

Privacy centre

legal

Alpha platform

About us

Blog

About

Careers

Faq's

Contact us

help

© Fivecell Research Group 2026

fivecell

research group

Privacy policy

Privacy centre

Advertising policy

Our Legitimate interests

Internet Advertising Transparency Data Processing Disclosure

Your privacy rights

Cookie notice

legal

Alpha platform

About us

About

Blog

Careers

Faq's

Contact us

help

© Fivecell Research Group 2026