GDPR & EXADS

 
 

GDPR

Since it came into effect in 2018, the General Data Protection Regulation (GDPR), has been a hot topic in the marketing world. Here we will explain what GDPR is and how EXADS ensures that you are compliant when using our ad serving platform.

 

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a data privacy and security law implemented by the European Union (EU), that regulates the way in which data related to people in the EU is collected, processed and used.

Therefore, even organizations that are not EU-based but are offering their services and products in the EU space or collect personal information from EU citizens, need to be GDPR compliant.

In a nutshell, GDPR aligns the data protection laws across all EU member states, reinforces the individual’s right to privacy and protection of personal data, and penalizes any breaches.

 

2. Important GDPR definitions of terms

Personal data: Any information that can directly or indirectly identify an individual. Examples: names, IP, email addresses, location information, ethnicity, gender, bank details, web cookies, etc.

Data processing: Any action taken regarding data, such as: using, collecting, recording, erasing, storing, disclosing, etc.

Data controller: The person/organization that decides why data is collected and how it will be processed.

Data processor: The person or organization that processes the data on behalf of the data controller.

 

3. Quick guide to GDPR principles

Lawfulness, fairness and transparency: data must be processed in a lawful, fair and transparent manner to the data subject.

Purpose limitation: data must be collected and processed for specified, explicit and legitimate purposes.

Data minimization: data collected and processed must be kept to the minimum required for the purposes specified.

Accuracy: data acquired must be kept accurate and up to date.

Storage limitation: data must be deleted once it is no longer necessary for the purposes that it has been collected for.

Integrity and confidentiality: data must be processed in a secure way, using appropriate technical or organizational measures.

Accountability: the data controller is responsible and accountable for compliance to all above-mentioned principles.

 

4. GDPR and Consent

GDPR defines consent as “Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

The GDPR-defined “unambiguous” consent is required to read or write any information, such as cookies, to or from a consumer’s device. Legitimate interest, however, allows us to process and retain personal data collected via those cookies.

 

5. IAB TCF v2.0 Approved Vendor

EXADS participates in the IAB Europe Transparency & Consent Framework (“TCF”) and complies with its Specifications and Policies. EXADS’s identification number within the framework is 1084.

As EXADS has implemented the TCF, it contributes to make us GDPR compliant when participating, as Data Processor, in the delivery of digital advertising. Our clients can rest assured that we are constantly monitoring the evolving guidance and legislation.

Under the TCF, EXADS and its clients can gather data on the legal bases of “Consent” and “Legitimate Interest”, when applicable.

“Consent” is required for the following purposes:

  • Store and/or access information on a device.
  • Create profiles for personalized ads.
  • Use profiles for personalized ads.

Data is gathered on the basis of “Legitimate Interest” for the following purposes:

  • Use limited data to select ads.

  • Measure advertising performance.

  • Develop and improve services.

  • Ensure security, prevent and detect fraud, and fix errors.

  • Deliver and present advertising and content.

Regarding the legitimate interest, it is important to point out that since EXADS participates as a Data Processor (Ad Server) and does not make decisions about the use of limited data to select advertising or measure ad performance, among other TCF purposes, our clients do so as Data Controllers (Ad Networks). Therefore, those who must manifest their legitimate interest in selecting and measuring ads, or other purposes related, are EXADS´ clients. To this end, a full explanation of the purposes that embrace the legitimate interest can be found on IAB Europe Transparency & Consent Framework Policies.

Notwithstanding the foregoing, EXADS may act as a Data Controller, and therefore, uses Legitimate Interest for the purposes listed in section 2.5 of the Privacy Policy.

6. Privacy by Design

At EXADS we embedded a privacy-conscious culture. This is why all of our innovations consider privacy from the initial design stage, all the way to development and implementation.

By prioritizing privacy we minimize the risks of non-compliance whenever we release a new product or process. EXADS is committed to following the 7 Principles of Privacy by Design:

  1. Proactive not Reactive; Preventative not Remedial.

  2. Privacy as the Default Setting.

  3. Privacy Embedded into Design.

  4. Full Functionality – Positive-Sum, not Zero-Sum.

  5. End-to-End Security – Full Lifecycle Protection.

  6. Visibility and Transparency – Keep it Open.

  7. Respect for User Privacy – Keep it User-Centric.

7. Privacy & Cookie Policies for EXADS Users

For EXADS, privacy and the protection of personal data are paramount. This is why we comply with the data protection laws and we are transparent regarding our use of cookies, web beacons and similar technologies on the Applications. More details regarding the cookies we use and our policies, can be found on our Platform Cookies Policy  and Privacy Policy  pages.