GDPR & EXADS
GDPR
Since it came into effect in 2018, the General Data Protection Regulation (GDPR) has been a hot topic in the marketing world. Here we will explain what GDPR is and how EXADS ensures that you are compliant when using our ad-serving platform.
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a data privacy and security law implemented by the European Union (EU) that regulates how data related to people in the EU is collected, processed, and used.
Therefore, even organizations that are not EU-based but are offering their services and products in the EU space or collecting personal information from EU citizens need to be GDPR compliant.
In a nutshell, GDPR aligns the data protection laws across all EU member states, reinforces the individual’s right to privacy and protection of personal data, and penalizes any breaches.
2. Important GDPR definitions of terms
Personal data: Any information that can directly or indirectly identify an individual. Examples: names, IP, email addresses, location information, ethnicity, gender, bank details, web cookies, etc.
Data processing: Any action taken regarding data, such as: using, collecting, recording, erasing, storing, disclosing, etc.
Data controller: The person/organization that decides why data is collected and how it will be processed.
Data processor: The person or organization that processes the data on behalf of the data controller.
3. Quick guide to GDPR principles
Lawfulness, fairness, and transparency: data must be processed in a lawful, fair, and transparent manner to the data subject.
Purpose limitation: data must be collected and processed for specified, explicit, and legitimate purposes.
Data minimization: data collected and processed must be kept to the minimum required for the purposes specified.
Accuracy: data acquired must be kept accurate and up to date.
Storage limitation: data must be deleted once it is no longer necessary for the purposes that it has been collected for.
Integrity and confidentiality: data must be processed securely, using appropriate technical or organizational measures.
Accountability: the data controller is responsible and accountable for compliance with all the above-mentioned principles.
4. GDPR and Consent
GDPR defines consent as “Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
The GDPR-defined “unambiguous” consent is required to read or write any information, such as cookies, to or from a consumer’s device.
5. IAB TCF Approved Vendor
EXADS participates in the IAB Europe Transparency & Consent Framework (“TCF”) and complies with its Specifications and Policies. EXADS’s identification number within the framework is 1084.
EXADS's implementation of the TCF contributes to our GDPR compliance when we participate, as a Data Processor, in the delivery of digital advertising. Our clients can rest assured that we are constantly monitoring the evolving guidance and legislation.
Under the TCF, EXADS and its clients can gather data on the legal bases of “Consent” and “Legitimate Interest”, when applicable.
“Consent” is required for the following purposes:
- Store and/or access information on a device.
- Create profiles for personalized ads.
- Use profiles to select personalized ads.
Data is gathered based on “Legitimate Interest” for the following purposes:
- Use limited data to select ads.
- Measure advertising performance.
- Develop and improve services.
- Ensure security, prevent and detect fraud, and fix errors.
- Deliver and present advertising and content.
- Save and communicate privacy choices.
Regarding legitimate interest, it is important to point out that EXADS participates as a Data Processor (Ad Server) and does not make decisions about the use of limited data to select advertising or measure ad performance, among other TCF purposes; our clients do so as Data Controllers (Ad Networks). Therefore, it is EXADS' clients who must declare, when applicable, their legitimate interest in selecting and measuring ads, or in other related purposes. A full explanation of the purposes covered by consent or legitimate interest can be found in the IAB Europe Transparency & Consent Framework Policies.
Notwithstanding the foregoing, EXADS may use Legitimate Interest for the purposes listed in section 2.5 of the Privacy Policy.
6. Privacy by Design
At EXADS we have embedded a privacy-conscious culture. This is why all of our innovations consider privacy from the initial design stage, all the way to development and implementation.
By prioritizing privacy we minimize the risks of non-compliance whenever we release a new product or process. EXADS is committed to following the 7 Principles of Privacy by Design:
- Proactive not Reactive; Preventative not Remedial.
- Privacy as the Default Setting.
- Privacy Embedded into Design.
- Full Functionality – Positive-Sum, not Zero-Sum.
- End-to-End Security – Full Lifecycle Protection.
- Visibility and Transparency – Keep it Open.
- Respect for User Privacy – Keep it User-Centric.
7. Privacy & Cookie Policies for EXADS Users
For EXADS, the privacy and protection of personal data are paramount. This is why we comply with the data protection laws and we are transparent regarding our use of cookies, web beacons, and similar technologies on the Applications. More details regarding the cookies we use and our policies can be found on our Platform Cookies Policy and Privacy Policy pages.