Since it came into effect in 2018, the General Data Protection Regulation (GDPR), has been a hot topic in the marketing world. Here we will explain what GDPR is and how EXADS ensures that you are compliant when using our ad serving platform.

The General Data Protection Regulation (GDPR) is a data privacy and security law implemented by the European Union (EU), that regulates the way in which data related to people in the EU is collected, processed and used.

Therefore, even organizations that are not EU based but are offering their services and products in the EU space or collect personal information from EU citizens, need to be GDPR compliant.

In a nutshell, GDPR aligns the data protection laws across all EU member states, reinforces the individual’s right to privacy and protection of personal data, and penalizes any breaches.

Personal data: Any information that can directly or indirectly identify an individual. Examples: names, IP, email addresses, location information, ethnicity, gender, bank details, web cookies, etc.

Data processing: Any action taken regarding data, such as: using, collecting, recording, erasing, storing, disclosing, etc.

Data controller: The person/organization that decides why data is collected and how it will be processed.

Data processor: The person or organization that processes the data on behalf of the data controller.

Lawfulness, fairness and transparency: data must be processed in a lawful, fair and transparent manner to the data subject.

Purpose limitation: data must be collected and processed for specified, explicit and legitimate purposes.

Data minimization: data collected and processed must be kept to the minimum required for the purposes specified.

Accuracy: data acquired must be kept accurate and up to date.

Storage limitation: data must be deleted once it is no longer necessary for the purposes that it has been collected for.

Integrity and confidentiality: data must be processed in a secure way, using appropriate technical or organizational measures.

Accountability: the data controller is responsible and accountable for the compliance to all above mentioned principles.

GDPR defines consent as “Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

The GDPR-defined “unambiguous” consent is required to read or write any information, such as cookies, to or from a consumer’s device. Legitimate interest, however, allows us to process and retain personal data collected via those cookies.

EXADS is an approved vendor for the Interactive Advertising Bureau’s (IAB) Transparency & Consent Framework (TCF) v2.0. As EXADS has implemented TCF, we are GDPR compliant when serving ads. Our clients can rest assured that we are constantly monitoring the evolving guidance and legislation.

Under the TCF v2.0, EXADS can gather data on the legal bases of “Consent” and “Legitimate Interest”.

“Consent” is required for the following purposes:

  • Store and/or access information on a device.
  • Create a personalized ad profile.
  • Select personalized ads.

Data is gathered on the basis of “Legitimate Interest” for the following purposes:

  • Select basic ads.
  • Measure ad performance.

Additionally, personal data can be collected for security, fraud prevention, and debugging, or to technically deliver ads and content. A full explanation of the framework can be found on the IAB Europe website .

At EXADS we embedded a privacy-conscious culture. This is why all of our innovations consider privacy from the initial design stage, all the way to development and implementation.

By prioritizing privacy we minimize the risks of non-compliance whenever we release a new product or process. EXADS is committed to following the 7 Principles of Privacy by Design:

  • 1. Proactive not Reactive; Preventative not Remedial.
  • 2. Privacy as the Default Setting.
  • 3. Privacy Embedded into Design.
  • 4. Full Functionality – Positive-Sum, not Zero-Sum.
  • 5. End-to-End Security – Full Lifecycle Protection.
  • 6. Visibility and Transparency – Keep it Open.
  • 7. Respect for User Privacy – Keep it User-Centric.

For EXADS, privacy and the protection of personal data are paramount. This is why we comply with the data protection laws and we are transparent regarding our use of cookies, web beacons and similar technologies on the Applications. More details regarding the cookies we use and our policies, can be found on our Platform Cookies Policy and Privacy Policy pages.